Preface



Since their introduction nearly 40 years ago, research on Petri nets has taken 
many different directions. Various kinds of Petri net classes, motivated either by 
theory or applications, with their specific features and analysis methods, have 
been proposed since then. The fact that Petri nets are widely used and are 
still considered to be an important research area, demonstrates both the useful- 
ness and the power of this approach. This successful development has led to a 
very heterogeneous landscape of diverse models, and this in turn has stimulated 
research on concepts and approaches that provide some (often partial) unifica- 
tion/structuring of this landscape. Since most of these unifying approaches are 
scattered through the literature, we are convinced that the time is ripe for the 
publication of a volume comprising the most relevant approaches developed up 
to now. The title of this volume “Unifying Petri Nets” in the series “Advances 
of Petri Nets” provides a compact representation of its contents. The goals we 
hope to achieve by publishing this volume are: 

— a stimulation of research in this important area, 

— a meaningful comparison of various approaches, 

— a cross-fertilization between different approaches, 

— a compact presentation of the state of the art. 

Although different approaches to unifying Petri nets aim at different goals, 
there are some common benefits. A uniform approach to Petri nets captures the 
common concepts of different kinds of Petri nets, such as places, transitions, net 
structure, and (in the case of high-level nets) data types. General notions, such 
as firing behavior, invariants, etc., that are essential for all kinds of Petri nets, 
can be formulated within a unifying approach. In this way these notions become 
independent of their definition within a specific net class. Results achieved within 
a unifying approach can often be “naturally” transferred to the net classes cap- 
tured by this approach. 

The volume begins with an introductory paper that presents some of the 
paradigms underlying the theory of Petri nets. 

Part I: Application Oriented Approaches is mainly concerned with an overview 
of (and recent developments concerning) the German DFG Researcher Group 
Applied Petri Net Technology, where the concept of a “Petri Net Baukasten” 
has been developed in order to allow a unified access to theory, applications, 
and tool development in the area of Petri nets. 

Part II: Unifying Frameworks presents various mathematical approaches, 
based on partial algebras, category theory, and rewriting logic, that allow a 
classification as well as a uniform presentation of various Petri net classes. 







Part III: Theoretical Approaches is a collection of contributions investigating 
more specialized aspects of a uniform theoretical treatment of Petri nets. 

We hope that this volume offers new insights and suggests new and important 
research topics for all readers interested in Petri nets. 



April 2001 Hartmut Ehrig 

Gabriel Juhás
Julia Padberg 
Grzegorz Rozenberg 
“What Is a Petri Net?”

Informal Answers for the Informed Reader 



Jörg Desel and Gabriel Juhás

Katholische Universität Eichstätt
Lehrstuhl für Angewandte Informatik
85071 Eichstätt, Germany
{joerg.desel, gabriel.juhas}@ku-eichstaett.de



Abstract. The increasing number of Petri net variants naturally leads 
to the question whether the term “Petri net” is more than a common 
name for very different concepts. This contribution tries to identify as- 
pects common to all or at least to most Petri nets. It concentrates on 
those features where Petri nets significantly differ from other modeling 
languages, i.e. we ask where the use of Petri nets leads to advantages 
compared to other languages. Different techniques that are usually com- 
prised under the header “analysis” are distinguished with respect to the 
analysis aim. Finally, the role of Petri nets in the development of dis- 
tributed systems is discussed. 



1 Introduction 

What is a Petri net? Very often, the thesis of Carl Adam Petri [23] written in
the early sixties is cited as the origin of Petri nets. However, Petri did of course 
not use his own name for defining a class of nets. Moreover, this fundamental 
work does not contain a definition of those nets that have been called Petri nets 
later on. In fact, there are hundreds of different definitions and extensions in 
the literature on Petri nets since then. Most authors did not mean to define 
something completely new when coming up with a new definition. They use the 
term “Petri net” to express that the basic concept of a notion is the one of Petri 
nets, no matter how this notion is formulated mathematically or which extensions 
of standard definitions are used. In this contribution we try to identify central 
aspects of this basic concept of Petri nets. In other words, we aim at providing 
characteristics of Petri nets that are common to all existing and future variants. 
It should be clear that this can only be done in a very subjective manner. So we 
like to place the following disclaimer at the very beginning of the paper: We do 
not consider our list of important aspects of Petri nets complete, and for each 
aspect claimed to be common to all Petri net variants there might exist very 
reasonable exceptions. 

This paper is not an introduction to Petri net theory. Instead, we assume 
that the readers have some knowledge about Petri nets and preferably even 
know different Petri net classes. For an overview of Petri net theory we refer to 
the proceedings of the previous advanced course on Petri nets j2bl2bj. The other
contributions in this book should also be helpful, although the present paper is
meant to be an introductory note to this book. In particular, the work of the
“Forschergruppe Petrinetz-Technologie”, represented by the papers !35llVll3l86|,
shows how different variants of Petri nets can be subsumed and structured in a
unified framework. 

There are also examples of modeling notions which do not carry “Petri net” 
in the name but apparently stem from Petri nets. Among these notions are event-driven
process chains (EPCs) (originally called “Ereignisgesteuerte Prozessketten”
in German), a standard notion for modeling business processes in the
framework of the “ARIS-Toolset”. The first publications on this model explicitly
refer to Petri nets. Still, the central idea is the one of Petri nets although there
are some significant differences. Another example is given by activity diagrams, 
a language within the Unified Modeling Language (UML). These diagrams more 
or less look like Petri nets and have an interpretation which is very similar to 
Petri nets but have some additional features such as “swim lanes”, associating 
each diagram element to an object. Although people from the UML community 
insist that activity diagrams have nothing to do with Petri nets, there already 
exist a number of publications establishing close connections between these two 
languages |14ll8j . Actually, Petri nets are suggested for a formal semantics of ac- 
tivity diagrams - this notion has evolved to a standard without having any fixed 
semantics by now. So this paper is about Petri nets and those related formalisms 
which are based on the same concepts as Petri nets. 

Many papers defining or using Petri nets emphasize the following characteristics
of the model: Petri nets are a graphical notion and at the same time
a precise mathematical notion. So we take it that these two properties are the
most important ones and we devote the following two sections to them. The next
important characteristic of Petri nets is described by their executability, their
semantics, their behavior or the like. Whereas it seems that the first two characteristic
features do not raise any dissension, there is no common agreement what
the semantics of a Petri net should look like, i.e., what the behavior of a Petri
net formally is. We split the consideration on behavior in two parts: behavior
is constituted by the occurrence rule - which defines under which conditions a
transition is enabled and what happens when it occurs - and by derived formal
descriptions of the entire behavior, given by the set of occurrence sequences,
partially ordered runs or any kind of trees or graphs representing all runs of a
net. These parts constitute the topics of sections four and five. Analysis of Petri
nets is the next important subject, addressed in section six. This term comprises
many different concepts: analysis by simulation, by employing structural properties
of the net, or by analysis of the exhibited behavior of a net. We distinguish
between analysis techniques that automatically provide useful information for a
given net (like deadlock-freedom), techniques that automatically verify a given
property (like mutual exclusion) and techniques that help in manually proving
the correctness of a net with respect to a given specification. The last section
is concerned with topics that are not explicitly addressed in most other papers
on Petri nets. Each Petri net is a model of a system, if it is not just a counterexample
or an illustration of a proof. There are many different languages for
modeling systems, most of them not comparable with Petri nets (consider, e.g.,
models of the architecture, models of the data structure etc.). Therefore we have
to be more precise: a Petri net models the behavioral aspects of a system. The
same can be said about differential equations. So we should add that the behavior
is constituted by discrete events. Again, there are more prominent languages
for this task, namely the variety of automata models. The core issue of Petri nets
is that they model behavioral aspects of distributed systems, i.e., systems with
components that are locally separated and communicate with each other. Surprisingly,
neither components nor any notion of locality appears with the usual
definition of a Petri net. The section on distributed systems discusses aspects of
this gap.

Each section header is an answer to the question raised at the beginning of 
the paper. 

2 A Graphical Notation 

Most modeling languages have graphical notations, and this has good reasons. 
Models are used as a means to specify concepts and ideas, and to communicate 
them between humans. Nearly everybody would use some kind of graphics to 
express his or her understanding of a system, even without using any explicit 
modeling language. We asked our first semester students to give a model of the 
enrollment procedure of our university. The result was a very interesting vari- 
ety of models emphasizing surprisingly many different aspects of the procedure. 
All these models were supported by graphics. It does not need psychological 
research to state that graphics employing two dimensions allow for a better un- 
derstanding of complex structures than one-dimensional text. Since specification 
of systems and communication of models are the main applications of Petri nets 
in practice, understandability for humans is among the most crucial quality cri- 
teria for modeling languages. Petri nets have a nice graphical representation 
using only very few different types of elements, which is a good basis for an easy 
understandability of a model and for the learnability of the language. These two 
criteria for modeling languages belong to the most important ones recognized in
the “Guidelines of Modeling”.

Many modeling languages are supported by graphics that possibly abstracts 
from some details of a model. Petri nets are not only supported by graphics but 
each Petri net is a special annotated graph. One could argue that the annotations 
of a Petri net are as essential as the graphics. In fact, for some high-level Petri 
net classes it is possible to represent any model equivalently by a trivial net 
structure, putting all the information about the model into the annotations of 
a single place, a single transition and the connecting arcs. In general, often
one has to trade off between specification by graphical means and specification
by textual means in the annotations. It is a typical feature of Petri nets that the
semantics of textual annotations can be given in terms of nets, i.e. of graphs.
As an example, consider the low-level unfolding of a high-level Petri net ^21. In
this sense, annotations can be viewed as shortcuts for more complex graphical
representations, employing, e.g., symmetries of a net. Hence it is justified to
claim that a Petri net is a graph.

Fig. 1. A picture of a Petri net

In the previous paragraphs we confused mathematical graphs with graphi- 
cal notations. So what is a Petri net, a mathematical object representing the 
components of a graph or a picture? It is important to notice that by definition 
the way a net is drawn does not carry any semantic information. This is different
for languages such as SADT where it makes an important difference
whether an arc touches a node at its right, left, upper or lower side. Also the 
relative position of Petri net nodes carries no formal information. However, the 
topology of a drawn Petri net is important from a pragmatic perspective. The 
modeler might place the elements representing a single system component on a 
cycle if this helps to understand the net. In this case, additional knowledge about 
the model and its relation to the system is put in the picture. Alternatively, a 
tool can calculate a nice way to draw a net; then the figure carries information 
about the net itself and about some analysis results. So a Petri net picture can 
be more than a mathematically defined graph. The difference is irrelevant for 
analysis tools. But it is significant when the net is used as a means for human 
communication. Even simple models can be drawn in a spaghetti style such that
this picture does not help much (compare for example two pictures of the same
Petri net in Figures 1 and 2). The topology of a net drawing is an important
topic in the context of interchange standards for Petri nets. The exchange
information of a picture might contain information about the relative position 
of the nodes, about their shape etc. 

It is often emphasized that Petri nets are bipartite graphs, because each di- 
rected arc either leads from a place to a transition or from a transition to a place. 
This is not exactly true; Petri nets are more than that. In bipartite graphs the 
two sets of nodes play a symmetric role whereas places and transitions are dual 
concepts. Exchanging places and transitions leads to a completely different net. 
The existence of places and transitions, and their distinction, is one of the fundamental
ingredients of Petri nets. Therefore this formalism is neither primarily
based on actions (like data flow diagrams), represented by transitions, nor is it
primarily based on states (like automata), represented by places. Instead, the
mutual interplay of local activities and local states constitutes the basic components
of each net, as will be discussed later in more detail. The equal footing of
actions and states is reflected in nets by the definition of places and transitions
on the same level. So the following definition is the most common answer to the
question “What is a Petri net?”

Fig. 2. Another picture of the Petri net from Figure 1

The usual definition of a “core” Petri net 

A Petri net is a directed graph with two kinds of nodes, 

interpreted as places and transitions, 

such that no arc connects two nodes of the same kind. 

Places of a Petri net are usually represented by round graphical objects (circles
or ellipses), and transitions by rectangular objects (boxes or squares), as
shown in Figures 1 and 2. There is a standard arc type between vertices of different
type representing the flow relation, as shown in the figures. This convention
makes it easy to guarantee a rough understanding of any Petri net without additional
legend. One of the main advantages of the Unified Modeling Language
(UML) is that it unifies the shape of vertices and arcs in its diagrams
that have been used in a contradictory way in different languages before. Like- 
wise, the consistent use of graphical symbols for Petri net objects is one of the 
main reasons for the worldwide and long standing success of Petri nets. When- 
ever someone acquainted with Petri nets is confronted with a new variant, the 
general interpretation of places and transitions does not have to be explained 
and gives no rise to misunderstandings. So Petri nets play the role of a “Unified 
Process Language” since a long time. 

Sometimes the use of only circles and squares is considered a disadvantage. 
Instead of circles or squares, special symbols representing the actual type of 
the represented system component can be used. Branches at transitions or at 
places can be substituted by special branching nodes. These variants are - among 
others - implemented in many commercial Petri net tools. The vendors claim 
that the readability of their models is improved by the graphical extensions. 
This might sometimes be true, but there is the danger of inconsistency between 
different products. Moreover, an increasing number of features leads to an increasing
number of modeling errors. Someone only familiar with such a specific
application-dependent notion can not understand an example net given in another
proprietary notation. However, as long as additional graphical notions have
a unique and easy translation to traditional Petri net components, a good knowledge
about Petri nets will help to understand any such model. In this way, Petri
nets - including their graphical representation - can be seen as an “interlingua”
for many different related modeling languages.



3 A Precise Mathematical Language 

One might say that this answer to the question raised in this paper is a matter 
of course. However, often the mathematics, and particularly its presentation, is 
the reason to consider Petri nets difficult for users. As mentioned in the previous 
section, it is the graphical representation of a net which is actually used in 
practice and which can easily be understood. So why do we need any further 
mathematical foundation? And what does it mean for a modeling language to be 
precise? The answer to these questions concerns two parts: syntax and semantics. 

There are different ways to specify a class of nets syntactically. Well-known 
examples are restricted classes such as free-choice Petri nets |S| where the local 
vicinities of net objects are restricted in a characteristic way. Another frequently 
used possibility is given by the class of all nets that are generated from an initial 
one using a given set of production rules. Such Petri net grammars can be used 
for a syntactic formulation of a Petri net class, defining exactly which Petri nets 
belong to that class. 

We consider here another way to deal with the syntax of Petri nets: each
Petri net should have a precise syntax. In other words, it should be clear what
kind of objects belong to a given Petri net and which objects do not belong to it.
This syntax differs for different classes of Petri nets. It turns out that this kind of
formal syntax can be more conveniently given in terms of simple mathematics
than in terms of the graphical representations. So for definition purposes, Petri 
nets are syntactically defined as annotated graphs in a mathematical setting. 
The usual notions equip tuples of sets, relations and mappings. The following 
definition shows an example. 

The mathematical definition of a place/transition Petri net 

A place/transition net is a tuple $(S, T, F, M_0, W, K)$, where
$S$ is the set of places,
$T$ is the set of transitions,
$F$ is the flow relation,
$M_0$ is the initial marking,
    formally given as a mapping from $S$ to the nonnegative integers,
$W$ maps arcs to positive numbers (arc weights) and
$K$ maps places to positive numbers (capacity restrictions).

These objects have to satisfy some restrictions, such as $M_0(s) \le K(s)$ for each
place $s$ (no capacity restriction is violated initially). All these objects and restrictions
are very easy to explain using the graphical representation. For example,
“no arc connects two places or two transitions” might be more plausible than the
usual expression $F \subseteq (S \times T) \cup (T \times S)$. But all the used objects and restrictions
have to be precise enough that an equivalent mathematical formulation can be
given in a simple and obvious way and such that there is no doubt what this formulation
would look like. The tuple notion induces an order on the objects (in
the above example, places before transitions before arcs before ...). This order
does not imply valences of the used objects. It is just arbitrarily fixed for convenience's
sake; the formulation “given a place/transition net $(A, B, C, D, E, F)$”
is the shortest way to define all components of a place/transition net. But the
tuple notion never represents the core idea of a Petri net. When teaching Petri
net theory one should be careful not to emphasize this notion too much - it
unnecessarily complicates the matter.

When are two Petri nets identical? Using the mathematical definition, the 
answer is obvious: two nets are identical if and only if all their objects are pair- 
wise identical. This implies in particular that a different graphical representation 
of a Petri net does not change the Petri net. Conversely, two Petri nets which 
look the same, i.e. which have identical graphical representations, are not nec- 
essarily identical, assuming that the graphical representation does not include 
the identity of each single element. This is often not exactly what one would like 
to have. Instead, Petri nets that look the same should sometimes not be distin- 
guished. Imagine for example the net with a single (unmarked) place, a single 
transition and one arc from the place to the transition (arc-weights, capacities 
etc. are ignored for this example). Putting this description into mathematics 
one needs to define a place s, a transition t and an arc (s, t). There is no unique 
net that matches the above description, because the identity of the place and 
the identity of the transition is chosen arbitrarily. The net with place $s'$ (where
$s \neq s'$), $t$ and arc $(s', t)$ is different to the one defined before. This difference
is only meaningful if the net models something; then s and s' model different 
objects of the system domain. But syntax does not distinguish what is modeled. 
So, intuitively one is interested in the class of all nets which can be obtained 
from the original one by consistent renaming. In other words, the syntactical 
definition of a Petri net comes with the notion of an isomorphism relation. 

Isomorphism of Petri nets 

Two Petri nets are isomorphic if there are bijections 
between their respective sets of objects (places and transitions) 
which are respected by all annotations, relations and mappings 
that belong to the syntactical definition. 

The simple but important distinction between equality and isomorphism of 
Petri nets is only easily possible on a mathematical level. Intuitively, a single 
(graphical) Petri net is mathematically given by an isomorphism class of tuples, 
where each single tuple of the class has the same Petri net as its graphical 
representation. Isomorphism classes are particularly important for labeled Petri 
nets, i.e. nets where each element carries a label which establishes the connection 
to the modeled world. In a labeled Petri net, two distinct places can represent the 
same object and two distinct transitions the same action. For example, process 
nets representing partially ordered runs of other Petri nets are labeled Petri nets. 
The same run can be represented by many isomorphic process nets (see the next
section). 
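
The distinction between equality and isomorphism, carried through for the single-place net with s and s' described above, as an added example that is not from the original paper. The tuple layout (S, T, F, M0), the function names and the brute-force search over bijections are choices made for this illustration; arc weights and capacities are ignored, as in the text's example.

```python
from itertools import permutations

def make_net(places, transitions, arcs, marking):
    """Build a net as the tuple (S, T, F, M0). S and T must be disjoint and
    `marking` must give a token count for every place."""
    return (frozenset(places), frozenset(transitions),
            frozenset(arcs), tuple(sorted(marking.items())))

def rename(net, mapping):
    """Consistently rename places and transitions in every component."""
    S, T, F, M0 = net
    return (frozenset(mapping[s] for s in S),
            frozenset(mapping[t] for t in T),
            frozenset((mapping[x], mapping[y]) for x, y in F),
            tuple(sorted((mapping[s], n) for s, n in M0)))

def find_isomorphism(a, b):
    """Return a bijection (as a dict) on places and transitions that maps
    net a exactly onto net b, or None if no such bijection exists.
    Exhaustive search, so only suitable for small nets."""
    Sa, Ta = sorted(a[0]), sorted(a[1])
    Sb, Tb = sorted(b[0]), sorted(b[1])
    if len(Sa) != len(Sb) or len(Ta) != len(Tb):
        return None
    for place_image in permutations(Sb):
        for trans_image in permutations(Tb):
            mapping = dict(zip(Sa, place_image))
            mapping.update(zip(Ta, trans_image))
            # The bijection must be respected by F and by the marking.
            if rename(a, mapping) == b:
                return mapping
    return None

# Constructed nets. N1 and N2 are the two nets from the text: one unmarked
# place, one transition, one arc from the place to the transition.
N1 = make_net({"s"}, {"t"}, {("s", "t")}, {"s": 0})
N2 = make_net({"s'"}, {"t"}, {("s'", "t")}, {"s'": 0})
# Same nodes as N1, but the arc is reversed: a different net altogether.
N3 = make_net({"s"}, {"t"}, {("t", "s")}, {"s": 0})
# Same graph twice, but the token sits on a different end of the chain.
N4 = make_net({"p", "q"}, {"t"}, {("p", "t"), ("t", "q")}, {"p": 1, "q": 0})
N5 = make_net({"a", "b"}, {"u"}, {("a", "u"), ("u", "b")}, {"a": 0, "b": 1})
N6 = make_net({"a", "b"}, {"u"}, {("a", "u"), ("u", "b")}, {"a": 1, "b": 0})

if __name__ == "__main__":
    print("N1 == N2:", N1 == N2)
    print("N1 ~ N2 via", find_isomorphism(N1, N2))
    print("N1 ~ N3 via", find_isomorphism(N1, N3))
    print("N4 ~ N5 via", find_isomorphism(N4, N5))
    print("N4 ~ N6 via", find_isomorphism(N4, N6))
```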

What is the semantics of a Petri net? Taking the original meaning of the 
word “semantics”, the answer should associate objects of a net to objects of the 
modeled system. Considering also the dynamics of the net, the behavior of the 
net should correspond to the behavior of the modeled system. In the context 
of modeling languages, the term “semantics” is used in a different way, usually 
together with the prefix “formal”. A class of Petri nets has one (or several) formal
semantics although the world of modeled systems is not considered at all when 
defining such a class. The formal semantics generically defines the behavior of 
each Petri net that belongs to the class, i.e. the role of each possible ingredient 
of a net with respect to behaviour is precisely defined by the semantics. Since 
Petri nets are defined by mathematics, so are their formal semantics. At this 
stage, we do not discuss different variants of semantics, because this will be the 
topic of the next section. 

Many modeling notions used in practice do not have a precise semantics. 
Defining a formal semantics is only possible for a notion possessing a formal 
syntax. Hence, without explicitly defining the syntax it is impossible to for- 
malize semantics. Some languages do have a formal syntax, with or without 
a mathematically given description, but no fixed semantics. These notions are 
frequently called “semi-formal”. It is often claimed that semi-formal modeling
languages allow more flexibility and are hence better suited for practical appli- 
cations than formal modeling languages like Petri nets. Moreover, semi-formal 
models are said to be easier to understand and easier to learn. We claim that the 
opposite is true. The theory of Petri nets offers classes of nets where specific de- 
tails of the model are left open. For example, channel/agency nets define only the 
structure given by places, transitions and arcs together with the interpretations 
of these elements, but no behavior. Place/transition nets identify all tokens
and thus abstract from different token objects. Conflicts, i.e., different mutually 
exclusively enabled transitions, can be interpreted as incomplete specifications - 
the vicinity that decides which alternative will be chosen is missing. Most nets 
abstract from all notions of time. So there are various ways to express different 
kinds of vagueness. The important point is that it is always very clear which 
aspects are expressed by the net and which aspects are not. Many modeling 
notions outside the Petri net world exhibit moreover a kind of meta-vagueness. 
For these models, it is a matter of interpretation to decide which aspects are 
represented in the model and which are not. So flexibility concerns not only the 
model itself but also its interpretation - a feature that we do not consider de- 
sirable. Instead, it is much easier to understand a model and also the modeling 
language if there is a precise understanding about what has been modeled and 
how it is modeled. Only a precise mathematical language, such as given by most 
variants of Petri nets, provides sufficient clarity. 

As an example for a semi-formal notion, consider event-driven process chains 
(EPCs). This language is a derivative of Petri nets. In the application field of
business processes it has emerged as a quasi-standard. The major benefit of EPCs
is that they are integrated in a larger context containing additionally a data
model and a structure model (the “house of ARIS”). An EPC has three types
of nodes, two comparable to places and transitions, and an additional node type 
for the logical connections AND, OR, and XOR (exclusive or). Not surprisingly, 
the OR connector raises severe problems. A binary OR-split is interpreted as 
follows. Either one of the output arcs or both arcs are chosen for forwarding the 
control. A binary OR-merge cannot be interpreted in such a simple way. After 
receiving the control from one input arc, either one has to wait for the control 
from the other arc or one can continue immediately which corresponds to the 
different possible decisions at the OR-split. This technical problem has led to 
quite a number of research activities (see e.g. |EI1), but there exists no really 
satisfying solution yet. The problem is that EPCs have no formal semantics. 
When asking experts in EPC modeling about the correct interpretation of an 
OR-merge in a difficult example, they come to very vague (and different) answers. 
Surprisingly, it is often claimed that EPCs are more compact, more appropriate 
and easier to understand than Petri nets in the application area of business
processes. The paper [2] proves that they are not smaller than equivalent Petri
nets in general. Nonetheless, the Petri net community should learn from EPCs 
which kind of concepts and which kind of links between concepts are necessary 
for successfully selling a modeling language together with an associated tool. 

4 A Structured Set of Activities that Remove 
and Add Tokens 

Most Petri net variants are equipped with a notion for behavior. Some variants, 
however, are not. For example, channel/agency nets do not have an explicit 
behavioral definition. They are used as a first step when developing a Petri
net model. Refinement and completion of a channel/agency net leads to a more
detailed model, which can then be equipped with behavior. 

In this section, we restrict our considerations to nets that do have a behavior. 

In contrast to all automata models and transition systems, a (global) state 
of a net is not a fundamental concept but it is constituted by local states of all 
places of the Petri net. States are formally represented by markings. A marking 
associates a set, multi-set, list etc. of tokens to each place, where tokens are 
elements of some domain. So a global state is only a derived concept (with the 
exception that the definition of a Petri net often contains initial or final global 
states). 

Principle of Distributiveness 

States are associated to places and thus distributed. 

A global state is constituted by all local states. 

In most cases the behavior of a net is formulated by means of a rule stating 
under which conditions a single transition can occur and stating the consequences 
of its occurrence, the so-called occurrence rule. It is one of the central principles of 
Petri nets that both the enabling conditions and the consequences only concern
the immediate vicinity of a transition. In other words, if the occurrence of a 
transition is related to the state of a place then there must be some arc connecting 
the transition and the place. 

1. Principle of Locality 

The conditions for enabling a transition, in a certain mode if applicable, 
only depend on local states of (some) places in its immediate vicinity. 

2. Principle of Locality 

The occurrence of an enabled transition only changes the local state of 
(some) places in its immediate vicinity. 

We formulated the locality principle in two parts because the relevant sets 
of places for enabledness and for change in the vicinity of a transition are not 
necessarily identical. For place/transition nets, all places in the pre-set (i.e.,
sources of arcs leading to the transition) are relevant for enabling the transition, 
and places in the post-set (i.e., targets of arcs from the transition) only play a 
role when capacity restrictions are involved. The state is only changed for places 
which are either in the pre-set or in the post-set but not both (as long as arc 
weights are not considered). Moreover, the new state of a place depends on its 
previous value in place/transition nets, because a token is added. However, the 
relative change of the state of a place does not depend on its previous state. 
Given a transition, we can distinguish: 

a) places where the local state is relevant for enabling but is not changed (such 
as read places or inhibitor places), 

b) places where the local state is relevant for enabling and is changed by the 
transition occurrence (places in the pre-set in case of place/transition nets 
without capacity restrictions), and 

c) places where the local state is not relevant for enabling but is changed by 
the transition occurrence (places in the post-set in case of place/transition 
nets without capacity restrictions). 

Orthogonally, places where the local state is changed by the transition occurrence 
(cases (b) and (c)) can be divided into: 

1) places where the new local state depends on its previous value (places in the 
pre-set and places in the post-set in case of place/transition nets), and 

2) places where the new state does not depend on the previous one (such as 
places reset by the transition occurrence in case of nets with reset arcs). 

Often, the different role of the places is depicted by different arc types such as 
inhibitor arcs or reset arcs. When talking about the vicinity of a transition, we 
mean all places connected with the transition by an arbitrary arc. 

It might be worth mentioning that the majority of Petri net formalisms considers 
test-and-set-operations elementary, i.e. reading a local state and changing 
it depending on the previous value is considered one atomic action. These Petri 
net formalisms have no difficulty with simultaneous access to different places, 
even if these places model conditions at different locations. The general paradigm 
is the one of removing and adding tokens. It can even be phrased as: 

The Token Flow Paradigm 

Tokens flow with infinite speed from place to place, 

sometimes they mutate, join or split in transitions. 

Perhaps surprisingly, read actions (case (a)) and write actions (case (c),(2)) 
are not that usual in the Petri net literature. As explained above, reading the 
state of a place means that this place is relevant for a respective transition 
but the state of this place is not changed by the occurrence of the transition. 
Although concurrent read is an essential operation in most areas of computer 
science, many semantics of Petri nets do not allow any concurrent access to the 
tokens of a place (see El). Likewise, writing is a central issue in other areas 
of computer science but there is hardly any corresponding concept in the Petri 
net literature. Petri nets with reset arcs are an exception, but they model only 
the special case that a place loses all tokens when the corresponding transition 
occurs. More generally, writing the local state of a place means changing the 
state arbitrarily without taking the previous state into account. The only way 
to model writing with Petri nets is by synchronously removing the old tokens 
and adding new ones. It needs a special variant of high-level nets to perform 
arbitrary removing with a single transition, such that the previous local state 
has no influence on any new state (see jS|). 

There are generalizations of the occurrence rule concerning the simultaneous 
occurrence of many transitions. These variants still obey the principle of locality, 
because the vicinities of all simultaneous transitions have to be considered. 

5 A Compact Way to Specify Behavior 

The behavior of a Petri net does not only concern occurrences of single transitions 
but sets of occurring transitions which can be in different relations such as causal 
relationship, concurrency, choice, or being totally ordered. The behavior can also 
include intermediate local or global states or the final global state and possible 
continuations from these states. Different ways to describe the behavior of Petri 
nets are given by different semantics of the respective Petri net classes. 

Given a model of a dynamic system, the behavior of the model should be in 
a close relationship to the system’s behaviour. If the model is executable, i.e. if 
it has a defined semantics, then runs of the model can be generated. These runs 
correspond to the runs of the system. Analysis of the model’s behaviour yields 
information about the system’s behaviour. In this section we concentrate on the 
question how to formalize the behavior of a net. Since the behavior is the most 
interesting aspect of a model, one can phrase this question also as: What kind 
of behavior is represented by a Petri net? 

We will not discuss different semantics in detail. Other contributions to this 
book are devoted to this topic 14111 11^ Instead, we provide a rough landscape 
of different behavioral notions that can be formulated for arbitrary Petri net 
variants that are equipped with dynamic behaviour, formulated by means of an 
occurrence rule. 

We distinguish different ways to formalize single runs, namely sequences, 
causal runs and arbitrary partially ordered runs. Orthogonally, we distinguish 
single runs, tree-like structures representing more than one run, and graphs, 
representing all runs and taking cyclic behavior into account. 

5.1 Runs 

Given a Petri net with initial marking, not only a single transition can occur but 
also sets of transitions, constituting a run. We call the occurrence of a transition 
in a run an event. In the sequel, runs for different semantics will be sketched. 
For each semantics, we provide a Petri net notation for its runs. 

The behavior of a net is a net 

Runs of Petri nets consist of events and pre- and post-conditions 

that generate a (partial) order. 

Runs can always be represented by nets. 

For sequential semantics, representing runs by nets is not usual. Instead, 
often words or sequences are used to formalize totally ordered runs. Automata-like 
trees and graphs represent the entire behavior. In this paper, we represent 
all types of runs by Petri nets. An obvious advantage is that, using this unifying 
approach, different semantics can be more easily related and compared with each 
other. However, we do not claim that this representation is more readable than 
alternative graphical or textual representations. 

In the sequel, the Petri net modeling a system will be called system net, to 
avoid confusion. 

An occurrence sequence describes a sequential view on a single run. In the 
initial state, some transition can occur yielding a follower state. In this state, 
again some transition occurs, and so on. Hence the events of an occurrence sequence 
are totally ordered and can be represented by a sequence of transition 
names (as the name occurrence sequence suggests): $t_1 t_2 \ldots t_n$ for finite 
occurrence sequences with n events or $t_1 t_2 t_3 \ldots$ for infinite occurrence sequences. 
Notice that, for $i \neq j$, $t_i$ and $t_j$ might denote the same transition. Sometimes all 
intermediate global states are represented as well. However, they do not provide 
any additional information because each global state can be calculated from the 
subsequence leading to it and the initial state, using the occurrence rule. 

A sequential run can also be conveniently represented by a very simple Petri 
net, where places represent tokens and transitions represent events. An example 
is shown in FigureEl In general, each place in the pre-set of a transition represents 
a token of the marking enabling that transition, and similarly for post-sets. In 
this example, the number of tokens is two for all markings, but this is not the 
case in general. The net representation of an occurrence sequence is unique up 
to isomorphism. 
Fig. 3. A Petri net representing the occurrence sequence b e a c e of the system net from 
Figure 0 

Fig. 4. A process net of the system net from Figure Q 



A process net is a Petri net representing all events of a run and their mutual 
causal dependencies. Any such dependency states that a transition can only 
occur after another transition has occurred. General dependencies are generated 
by immediate dependencies, stating that a transition occurrence creates a token 
that is used to enable the other transition. These tokens are represented by places 
of the process net. Reasons for immediate dependencies are always explicitly 
modeled in the system net. So there is a close connection between the vicinities 
of a transition representing an event of a process net and the vicinity of the 
corresponding transition of the system net. Process nets have specific syntactic 
restrictions: 

— Each place has at most one input transition and at most one output transition, 
representing the creation and the deletion of a token instance in one 
single run. 

— The places with empty pre-set correspond to the initial token distribution 
which is given by the initial state. 

— The relation “connected by a directed path” is a partial order, i.e., a process 
net contains no cycles. This is due to the fact that this relation represents 
the dependency relation, which obviously is acyclic. 

Figure El shows an example of a process net. 

The next semantics under consideration is given by arbitrary partially ordered 
runs. Process nets induce partially ordered sets of events. Occurrence sequences 
induce totally ordered sets of events. Sometimes arbitrary partial orders which 
define more dependencies than a process net and fewer dependencies than an 
occurrence sequence are useful. For example, when a Petri net variant contains 
timing information then it might be useful to define a relation “later than”. This 
relation can express that an event occurs after another event, even when there 
is no token that constitutes an explicit dependency between the events. 

Fig. 5. A Petri net representing the process term (b ; (a + e) ; c ; e) of the system net 
from Figure 0 

Another example is given by a so-called process term semantics (see e.g. 

A process term such as (b ; (a + e) ; c ; e) is a generalization of the sequence 
representation of a sequential run. It describes that transitions a and e occur 
concurrently, both after b, and both before c, which occurs before e. A Petri net 
representation of this term is given in FigureEl As discussed in process terms 
do not have the expressive power to describe arbitrary process nets. However, 
sets of process terms can be used to specify an arbitrary process net. 

Steps represent sets of simultaneous events. Simultaneous occurrences and 
concurrent occurrences of transitions are different in general. Being simultaneous 
is a transitive relation whereas concurrency is not (in the above example of 
process nets, the events labeled by b and e are concurrent, the events labeled by 
e and a are concurrent but the events labeled by b and a are not concurrent). In 
general, concurrent events can occur in a step but not each step refers to a set 
of concurrent events. A Petri net representation of the run given by the process 
net of Figure Elusing the step {b, e} is shown in Figure 0 











Since a run can be infinite, all the mathematical objects corresponding to 
the above representations of a run can be infinite as well. 

5.2 Trees 

Two different runs can start identically and then proceed differently. A compact 
representation of these runs contains the common prefix only once and then 
splits for the different continuations. This representation also explicitly shows 
after which events there exist alternative continuations (in Petri net theory, alternatives 
are also called choices or conflicts). This construction can be performed 
for arbitrary sets of runs and for all representations of runs listed above. Taking 
the Petri net representation of occurrence sequences and our above example, the 
occurrence tree of Figure Q is obtained this way. Notice that this net, seen as a 
graph, is not really a tree but only a tree-like structure which we call tree by 
abuse of notation. When markings are represented by single vertices, which is 
the usual way to draw occurrence sequences, then the resulting graph actually 
is a tree. 

If the reason for constructing an occurrence tree is only to identify the set of 
reachable markings, then it is not necessary to consider any event leading to a 
marking that was already identified as reachable before. In our example shown 
in Figure 0 it suffices to consider the occurrence sequences e b and b because 
the marking reached after e d or b a is the initial marking, the marking reached 
after e c is also reached after b and the marking reached after b e is also reached 
after e b (these are all possible continuations). In other words, we can cut the 
complete tree after the occurrence of e b and after the occurrence of b. 

In the example, any sequential construction of the occurrence tree will stop 
after three events if the above cut criterion is used. In general, a Petri net 
can have infinitely many different reachable markings. Then there still exists a 
finite tree-like structure that provides at least some information on the reachable 
markings: If the above stop criterion is changed to: “stop if a transition that 
occurred previously produced a marking that is smaller than the one produced 
by the current transition” then the so-called coverability tree is obtained (see 
0 ). 

Tree-like structures can also be constructed from process nets. The resulting 
nets are called unfoldings of the system net. Again, cut criteria can be used 
to obtain finite representations of the behavior. For unfoldings representing all 
process nets, these criteria are given by cut-off transitions, as defined in PS|. A 
similar concept can be used for unfoldings obtained from an arbitrary subset of 
process nets m- 

When process terms do not only have operators for sequential and concurrent 
composition but moreover allow to express alternatives, then the corresponding 
Petri net representation is a tree-like structure obtained by glueing common 
prefixes of their Petri net representations. Likewise, it is not difficult to define a 
corresponding concept for steps. 
5.3 Graphs 

In addition to the glueing of common prefixes of runs, one can identify sets of 
places that represent the same marking, to be explained next. In the previous 
subsection we suggested to stop the tree construction when the post-set of an 
event represents a marking that is already represented by the places of the post-set 
of another event. The next step to obtain graphs is simply performed by 
adding the new event and drawing arcs from it to all places of the set of places 
that represent the reached marking. The graph obtained this way is the reachability 
graph of the system net. Actually, the usual definition of a reachability 
graph employs markings as nodes and transitions as arc labels, see FigureEl It is 
not difficult to see that our Petri net notion of reachability graphs is equivalent, 
see Figure E3 

Fig. 8. A Petri net identifying all reachable markings of the system net from Figure 0 

Fig. 9. The reachability graph of the system net from Figure Q 

Similarly, one can construct coverability graphs from coverability trees to 
obtain a smaller representation of the entire behavior. Steps can also be taken 
into account in reachability graphs in the obvious way. However, for process 
nets and other Petri nets describing partially ordered runs or trees there is no 
obvious way to construct graphs representing the entire behavior. The reason is 
that markings of these nets are properly distributed. In fact, glueing all places 
and transitions with respective equal label usually resembles the original net, 
and in this case nothing is gained by the construction. 

For process terms, loops in the corresponding graphs correspond to additional 
operators for iteration. 
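
The occurrence rule for place/transition nets (Section 4) and the cut criterion for reachable markings (Sections 5.2 and 5.3), as an added Python example that is not part of the original text. The net below is a constructed assumption (places A, B, D, E, arc weights 1, no capacity restrictions), chosen so that it reproduces the relations the text states for its own example; all function names are likewise assumptions.

```python
from collections import Counter, deque

# Constructed place/transition net (not the book's figure): arc weights 1,
# no capacity restrictions. Each transition maps to (pre-set, post-set).
NET = {
    "a": ({"B"}, {"A"}),
    "b": ({"A"}, {"B"}),
    "c": ({"A", "E"}, {"B", "D"}),
    "d": ({"E"}, {"D"}),
    "e": ({"D"}, {"E"}),
}
M0 = Counter({"A": 1, "D": 1})  # constructed initial marking


def enabled(marking, t):
    """First locality principle: only the pre-set of t is inspected."""
    pre, _ = NET[t]
    return all(marking[p] >= 1 for p in pre)


def fire(marking, t):
    """Second locality principle: only pre-set and post-set places change."""
    if not enabled(marking, t):
        raise ValueError(f"transition {t} is not enabled")
    pre, post = NET[t]
    new = Counter(marking)
    for p in pre:
        new[p] -= 1
    for p in post:
        new[p] += 1
    return +new  # unary plus drops places that hold no token


def key(marking):
    """Hashable form of a marking, e.g. 'AD' for one token on A and one on D."""
    return "".join(sorted(marking.elements()))


def run(sequence, marking=M0):
    """Replay an occurrence sequence; return the marking after every event."""
    trace = [key(marking)]
    for t in sequence:
        marking = fire(marking, t)
        trace.append(key(marking))
    return trace


def reachability_graph(initial=M0):
    """Breadth-first construction using the cut criterion of Section 5.2.

    Returns (edges, tree_events): edges holds every arc of the reachability
    graph, tree_events only the events that produced a new marking.
    """
    seen = {key(initial)}
    queue = deque([initial])
    edges, tree_events = [], []
    while queue:
        m = queue.popleft()
        for t in sorted(NET):
            if not enabled(m, t):
                continue
            m2 = fire(m, t)
            edges.append((key(m), t, key(m2)))
            if key(m2) not in seen:   # new marking: keep unfolding from it
                seen.add(key(m2))
                queue.append(m2)
                tree_events.append((key(m), t, key(m2)))
            # otherwise cut: this marking is already represented
    return edges, tree_events


if __name__ == "__main__":
    print(run("beace"))
    edges, tree_events = reachability_graph()
    print(len(edges), "arcs;", len(tree_events), "events before the cut")
```

The arcs that the cut criterion discards in the tree are exactly the ones that turn the tree into the reachability graph when they are drawn back to the already known marking.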
Fig. 10. The Petri net representing the reachability graph of the system net from 
Figure Q] 



6 A Formalism Equipped with Analysis Methods 

A considerable amount of the huge number of Petri net articles published in 
the past thirty years is devoted to the analysis of Petri nets. Clearly, there is no 
space to give a survey of all these results. Instead, we provide a classification of 
different methods that are often summarized under the word “analysis”. 

6.1 Simulation 

Simulation means creation and investigation of runs. In most cases, not all runs 
of a model can be generated. Runs might be infinite, and the set of runs might be 
infinite. But even in the case of finitely many finite runs their number often is too 
large to allow a complete simulation of all runs of a given Petri net. Therefore, 
simulation usually considers only a part of the system’s behavior. Like testing 
of programs, simulation can thus only identify undesirable behavior but cannot 
prove the correctness of a model, as long as not all possible runs of a model are 
simulated. 

Simulation can be performed by playing the token game by hand or even in 
mind. This procedure is quite error-prone. When finding an undesirable behavior, 
it is hard to say whether the identified error is due to a design error or to a 
simulation error. Therefore simulation is usually done by computer tools. 

Many simulation tools just offer a visualization of the token game such that 
the constructed run is represented only implicitly. Other tools create runs which 
can be represented to the user and also can be input to further analysis. For example, 
the VIPtool m creates process nets which can be analyzed with respect 
to a given specification. 

There are other applications of simulation approaches in the context of performance 
evaluation, where quantitative measures, e.g. about the average throughput 
time of a system, are derived in a simulative way. 



6.2 Analysis 

Analysis in a narrow sense means to gain information about a Petri net model. 
For example, results of analysis can be the information on deadlock-freedom, 
liveness, boundedness and the like. Analysis can also yield information which is 
useful for proof methods. For example, an analysis tool can calculate a set of 
place invariants (see below). 

Analysis of syntactical properties such as the free-choice property jS|, strong 
connectedness etc. are based on the structure of the net, whereas analysis of 
behavioral properties such as deadlock-freedom usually needs the construction 
of a tree or graph representing the behavior. For many properties of general Petri 
nets it can be proven that essentially there does not exist any more efficient way 
to decide the property cni. Exceptions only exist for subclasses of Petri nets 
such as free-choice nets. 

Quantitative analysis provides quantitative results. In contrast to simulation, 
quantitative analysis computes these results from quantitative parameters and 
attributes associated to a Petri net. 

6.3 Verification 

The term “Verification” often comes along with the term “specification”. Verification 
finds out whether a given specification holds true. There are numerous 
ways to formulate a specification. Like analysis, a typical approach to verification 
is based on the construction of the reachability graph of a Petri net which is 
then further investigated. More efficient approaches construct reduced reachability 
graphs that still carry all the information that is relevant for verification. For 
example, reachability graphs can be reduced by employing symmetries and methods 
reducing the redundancy which is caused by concurrency. In particular, the 
so-called stubborn set method m has proved to yield significant reductions of 
reachability graphs without spoiling information about the possible enabledness 
of transitions. An alternative efficient approach to verification employs unfoldings 
of nets, i.e. a behavior description based on process nets, see HH]. 

6.4 Semi-decision Methods 

A semi-decision method is a method for verifying a given property which has 
either the possible answers “yes” and “don’t know” or the possible answers 
“no” and “don’t know”. Thus, one possible output provides a useful information 
whereas the other one just states that this method is of no use in the current 
case. 

A well-known example for an efficient semi-decision method for deciding 
reachability of a marking of a place/transition net is given by the marking 
equation: For every reachable marking this equation system has a nonnegative 
integer-valued solution. A marking is proven to be unreachable if it is shown that 
no such solution exists, whereas the existence of a solution does not prove anything. 
Weaker but more efficient methods look for arbitrary integral solutions, 
for nonnegative rational-valued solutions or even for rational-valued solutions. 
For a discussion of the respective expressive power and the complexity of these 
approaches, see 0. 



6.5 Proof Methods 

The most prominent formal concepts for Petri net analysis are place invariants 
for almost all variants of Petri nets and siphons and traps for place/transition 
nets. Perhaps surprisingly, these concepts are of little use for analysis in the 
narrow sense of 6.2. Usually the existence of a specific place invariant is not a 
property relevant for a user. In general, the number of minimal (non-negative 
non-zero integral) place invariants, the number of siphons and the number of 
traps can grow exponentially with the size of the net. So even an enumeration 
of these objects is not feasible. 

Instead, place invariants, siphons and traps can be used very elegantly for 
proving that a desirable property holds. However, the user has to find the necessary 
invariants, traps and siphons first. Tools can help to verify that a suggested 
invariant actually is an invariant of the investigated net. Place invariants 
have close relations to the semi-decision method based on the marking equation. 
Namely, there is a place invariant for proving a property if and only if 
the marking equation has no rational-valued solution. A similar result holds for 
so-called modulo place-invariants and integral solutions of the marking equation 
0. In this sense, the proof methods based on these concepts can be viewed as 
nondeterministic semi-decision algorithms; if the right place invariant, siphon, 
or trap is guessed, then its characteristic property can easily be verified and it 
can be used to prove the desired property. 

Place invariants, siphons and traps are based on simple arguments on assertions; 
the associated properties are preserved by arbitrary change from a (not 
necessarily reachable) marking to a follower marking that is allowed by the occurrence 
rule. Actually, only the changes from reachable markings are relevant. 
The restricted expressive power is due to the possibility that the property under 
consideration is not preserved by an unreachable marking change, and hence 
the argument cannot be used, although it might be preserved for all reachable 
changes. However, the restriction to reachable changes is not easy because it requires 
the construction of all reachable markings. In most cases this construction 
is very time consuming and provides an immediate proof of the desired property 
without using assertions. 
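
The weakest variant of the marking equation from Section 6.4 (rational-valued solutions) together with the place-invariant certificate from Section 6.5, as an added Python example that is not part of the original text. Both nets, their place names and all function names are constructed assumptions.

```python
from fractions import Fraction

# Constructed nets (assumptions, not the book's figures). Each transition maps
# to (pre, post), both written as {place: arc weight}.
SYSTEM = {
    "a": ({"B": 1}, {"A": 1}),
    "b": ({"A": 1}, {"B": 1}),
    "c": ({"A": 1, "E": 1}, {"B": 1, "D": 1}),
    "d": ({"E": 1}, {"D": 1}),
    "e": ({"D": 1}, {"E": 1}),
}
SYSTEM_PLACES = ["A", "B", "D", "E"]
# t takes a token from p, puts it back and adds one to q; with p unmarked
# t can never occur, so only the empty marking is reachable from {}.
LOOP = {"t": ({"p": 1}, {"p": 1, "q": 1})}
LOOP_PLACES = ["p", "q"]


def incidence(net, places):
    """Incidence matrix C: one row per place, one column per transition."""
    return [[Fraction(net[t][1].get(p, 0) - net[t][0].get(p, 0))
             for t in sorted(net)] for p in places]


def is_place_invariant(net, places, y):
    """Check y^T C = 0: no transition changes the weighted token sum."""
    C = incidence(net, places)
    return all(sum(y[p] * C[i][j] for i, p in enumerate(places)) == 0
               for j in range(len(net)))


def weighted_sum(y, marking):
    """Token count of a marking, weighted by the invariant y."""
    return sum(w * marking.get(p, 0) for p, w in y.items())


def marking_equation(net, places, m0, target):
    """Semi-decision: is there a rational x with m0 + C x = target?

    Returns ("unreachable", y) with a place invariant y that separates m0
    from target, or ("don't know", None) when a rational solution exists.
    """
    C = incidence(net, places)
    n_p, n_t = len(places), len(net)
    # Rows [C | target - m0 | I]; the identity part records row operations.
    rows = [C[i]
            + [Fraction(target.get(p, 0) - m0.get(p, 0))]
            + [Fraction(int(i == k)) for k in range(n_p)]
            for i, p in enumerate(places)]
    rank = 0
    for col in range(n_t):
        pivot = next((i for i in range(rank, n_p) if rows[i][col] != 0), None)
        if pivot is None:
            continue
        rows[rank], rows[pivot] = rows[pivot], rows[rank]
        for i in range(n_p):
            if i != rank and rows[i][col] != 0:
                f = rows[i][col] / rows[rank][col]
                rows[i] = [u - f * v for u, v in zip(rows[i], rows[rank])]
        rank += 1
    for row in rows[rank:]:          # the C part of these rows is all zero
        if row[n_t] != 0:            # 0 = non-zero: no solution exists
            return "unreachable", dict(zip(places, row[n_t + 1:]))
    return "don't know", None


if __name__ == "__main__":
    m0 = {"A": 1, "D": 1}
    print(marking_equation(SYSTEM, SYSTEM_PLACES, m0, {"A": 1, "B": 1}))
    print(marking_equation(SYSTEM, SYSTEM_PLACES, m0, {"B": 1, "E": 1}))
    # A solution x = (1) exists although {q: 1} is not reachable from {}.
    print(marking_equation(LOOP, LOOP_PLACES, {}, {"q": 1}))
```

The `LOOP` net shows why a solution proves nothing: the equation is solvable, yet the target marking cannot be reached because the only transition is never enabled.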
6.6 Validation 

Whereas verification checks a model against a given specification, validation 
checks a model against the modeled system or against desired properties of the 
system. If the model is not correct then analysis and verification of the model is 
of little use because in this case the behavior of the system might significantly 
differ from the behavior of the model. 

Validation of a model means to compare the model with either the existing 
system or a planned system where some properties are known. It can be done on 
a structural level by comparing all the components (elements and connections) 
of the model with reality. A further step in validation uses simulation: Simulated 
runs of the model should correspond to runs of the system and vice versa. Verification 
and analysis can also be used; when applied to the model, the results 
should coincide with corresponding properties expected from the system. 

The investigation of a system by analysis of its model only makes sense if the 
model can be assumed to be valid. So it is useful to proceed in two steps: First 
the above mentioned methods are applied to ensure that the model is correct 
with respect to the modeled system, i.e., that it is valid. After that, it can be 
assumed that the model’s behavior and the system’s behavior are closely related, 
and further application of the above methods to the model provides information 
about the system’s behavior. 

7 A Model of a Distributed System 

Complex distributed systems with a large number of connected components exhibit 
a very complex behavior. Every component might depend in some way on 
each other component. The set of global states reachable by consecutive transition 
occurrences often grows exponentially in the size of the system. The central 
feature of Petri net theory is that 

Petri nets can manage the complexity of large systems. 

Instead of yielding rapidly growing state spaces, the number of places grows 
linearly with the size of the modeled system. The reachable states do not have 
to be represented explicitly but are implicitly given by the many combinations 
of local states. Instead of explicitly stating all direct or indirect dependencies, 
only the immediate dependencies are represented - other dependencies follow 
transitively in runs of the model. It does not matter whether transitions and 
their vicinities are taken as elementary building blocks, as discussed in Section 
0 or whether places and their vicinities representing the relevant actions are 
considered. The result is the same: a Petri net. This way of modeling has not 
only the advantage of keeping the complexity of the model manageable, it also 
resembles the modular structure of the modeled system. 

However, in general the single components of a system and their connections 
cannot be identified in its Petri net model. Petri nets are not equipped with 
notions for physical distribution, channels, messages or locality (at least, this 
holds for the most common Petri net variants). The lack of these apparently 
important concepts is often claimed to be a disadvantage of Petri nets. Other 
modeling languages are based on local components, have means for communication 
such as message passing or synchronization and provide elegant ways for 
composing components, refinement of components etc. 

Comparing Petri nets with such notions, it turns out that Petri nets support 
all these concepts as well. Since Petri nets constitute a very general language, 
different concepts for locality, refinement, composition and communication can 
be expressed. 

When using Petri nets for modeling distributed systems of a specific kind, this 
model is easier to understand when its components, the communication between 
components etc. are easily identified in the model. Since in conventional Petri 
nets the information about these concepts is lost, it is useful to define languages 
that are based on Petri nets but restrict to certain macros defining possible 
building blocks in a given paradigm. Petri nets are general enough such that 
this kind of macros can be easily defined for different modeling paradigms. On 
this macro level, it is easy to understand the model from a behavioral view, 
because the model is still a Petri net. It is also easy to identify components and 
communication because they are formulated in terms of macros. By definition of 
the macros, restricting to certain sets of macros ensures that the model obeys the 
rule for the given paradigm. For example, a model of a message-passing system 
cannot use a macro representing a shared variable. Here are some examples for 
suitable macros: 

A local component can be given by a subnet which is connected to other subnets 
in a very restricted way. Different states of a component can be represented 
by different places or by a single high-level place (i.e., a place of a high-level 
Petri net). It is useful to give a graphical representation for the subnets that 
represent components. In a more compact representation, a single subnet of a 
high-level net might represent a set of similar components m 

A variable can be represented by a special kind of place that is only connected 
to transitions that read or write the variable (see Section 4). It is useful to give 
a special graphical representation for variables. 

A message channel can be represented by a specific place. Only transitions 
of components that actually have access to the channel can remove a token. 
Sometimes a channel is represented as a chain of places and transitions. In this 
case it is useful to provide a coarser view by a single place that is refined to this 
chain. 

Synchronous communication can only be applied to transitions that model 
interfaces of components. It is useful to provide a graphical representation for 
these transitions. When synchronized, two transitions occur together. This can 
either be defined as part of the semantics or an additional common transition is 
introduced. 

The concept of Asymmetric Synchronization means that a transition can 
only occur together with another transition, which in turn can only occur alone 
if the first one is not enabled mm- This concept frequently occurs when 
modeling modular technical systems. There exist translations to traditional Petri 
nets. However, the number of transitions in such translation can grow rapidly. 
Also, a macro notation using special event arcs keeps the nets more readable. 



8 Conclusion 

This paper presented the author’s selection of possible readings of Petri nets, 
commenting on them from the personal perspective. It was not meant to be 
technical and attempted no comparisons between models, nor between different 
variants of nets. Instead, it tried to concentrate on the common grounds of Petri 
net variants. There would have been hundreds of opportunities to add references 
to other work but the authors avoided creating an annotated bibliography. So 
also the selection of pointers to the literature was a (sometimes biased) personal 
choice. 

Some readers may feel that some topics should have been treated in greater 
detail, or in a more technical fashion. We will end the paper with a couple of 
links to further readings which we left out because their respective topics concern 
only a part of the world of Petri nets. 

There exists prosperous research on Petri nets equipped with time. Time can 
be associated to transitions, to places, or to arcs. Time can be deterministic, i.e., 
the occurrence of a transition always lasts the same amount of time, or it can 
be stochastic. Timed Petri nets and the concept of concurrent runs are not a 
very good match but they do not totally exclude each other. The major part of 
research on timed Petri nets is concerned with performance evaluation, i.e. with 
the calculation and estimation of throughput time, delays etc. of the modeled 
systems. 

As mentioned at some places above, there are different levels of Petri nets 
- from low-level to high-level. Actually, this dimension allows for many more 
variants than suggested by these terms. Different high-level Petri nets emphasize 
a syntactical view or a semantical view or a functional view etc. On the highest 
level in this classification, a Petri net represents an entire class of models which 
all satisfy a syntactically given specification. These nets are called algebraic 
Petri nets. They involve algebraic specifications. Any interpretation of such a 
specification leads to another concrete Petri net. 

There exist very many translations and correspondences between Petri nets 
and other formalisms for concurrent systems, some of them mentioned above. 
A related topic is the integration of nets and other formalisms. For example, 
transitions can be inscribed by expressions of a programming language. Then 
every occurrence of a transition corresponds to a run of the respective program, 
taking the tokens as input and output values. Other integrating approaches 
combine Petri nets with formal data models. When Petri nets are used in the 
process of system design then there is no way of using them totally separated 
from other methods. So integration concepts, as well as respective tools, are 
necessary. Although some solutions in this direction have been developed in the 
last years, we consider this research direction most urgent to further disseminate 
the very idea of Petri nets in practical applications. 


Abstract. This paper presents an overview of the »Petri Net Baukasten« 
developed by the “DFG-Forschergruppe Petrinetz-Technologie” in Berlin. 
The »Petri Net Baukasten« provides a unified presentation 
with different views on theory, application, and tools of Petri 
nets: The Expert View, the Application Developer View, and the Tool 
Developer View. All of these views are related to a Common Base, which 
comprises Petri net notions in a semiformal description. The relations 
establish so-called Petri net techniques given by a combination of Petri 
net types, corresponding methodological procedures, formalizations, and 
tools from the different views. The »Petri Net Baukasten« represents 
the Petri net techniques in a structured and application-oriented way, 
which yields an application oriented Petri net technology. It bridges the 
gap between theory, practice and tools for Petri nets. In this paper the 
basic concepts are summarized. 



1 Introduction 

Within the last four decades of research on Petri nets numerous Petri net no- 
tions and methods as well as tools and tool environments have evolved. These 
have been successfully employed in various application areas, such as automatic 
production, control systems, workflow management etc. In such large scale ap- 
plications different Petri net variants, called Petri net types, can be employed. 
A Petri net type represents a Petri net variant including a set of techniques 
based on that variant like structuring, analysis, and verification techniques. To 
identify the adequate Petri net types and a method for the employment of Petri 
nets within the system development process for a specific application domain 
is still a difficult task. Hence, there is a strong need for a structured access to 
various Petri net techniques comprising methodological procedures, tool sup- 
port and formal techniques. A structured presentation of various methods and 
techniques is called a technology. The strong motivation for such a technology 
derives from the rich and diverse Petri net theory and its various applications 
[IHei85tlenH7lsaT99] . 

* This work is part of the joint research project “DFG-Forschergruppe 
Petrinetz-Technologie” between H. Weber (Coordinator), H. Ehrig (both from the Technical 
University Berlin) and W. Reisig (Humboldt-Universität zu Berlin), supported by 
the German Research Council (DFG). 

In this paper we give an overview over such a technology, called »Petri 
Net Baukasten«, which has been previously presented in |WEI{.99ll)K(I99j . The 
»Petri Net Baukasten« provides a classification of Petri nets and corresponding 
notions independent of their use in applications, their formalizations, and tool 
support. The semi-formal classification is given by class diagrams that describe 
Petri net types and their notions. It is represented using UML and constitutes the 
base of the »Petri Net Baukasten«, called the Common Base. 

These representations of Petri net notions are given in specific views. They 
concern the use of the Petri net notions within a certain application domain, 
their formalization in the theory of Petri nets, and their implementation as 
Petri net tools. Hence, these views are called Application Developer View, Expert 
View, and Tool Developer View respectively. One of the distinguished application 
domains of the research group Petrinetz-Technologie is the area of business 
processes [I J(I9 IIMOSD.'tlA I K )l)l)j . Various Petri net techniques provide excellent 
means for the description of business processes and hence represent a good basis 
for business process management. These techniques allow the visualization, the 
formal description, early evaluation as well as verification of business processes. 
Although developed with special attention to the area of business processes, we 
claim that the »Petri Net Baukasten« is equally useful for other application 
domains like the application domain of traffic control systems. 

This paper is organized as follows: in Section 2 we define the notion of Petri 
net technology and show that the »Petri Net Baukasten« is such a technology. 
In Sections 3 to 6 we present an overview of the Common Base and the different 
views of the »Petri Net Baukasten«. These sections are mainly extracts of the 
corresponding parts of IWLBnHCai99pWeb99| and describe the different views 
on a conceptual level. In Section 7 we discuss installments, maintenance and 
evolution of the »Petri Net Baukasten«. In the appendix we present the Expert 
View in more detail. Details of the other views and further results can be found 
in IW!.P()1IEW()1I of this volume and in IDkCfifilPadfifilDehfifilWehfifil . 

2 Petri Net Technology and the »Petri Net Baukasten« 

In this section we want to explain the notions Petrinetz-Technologie and 
»Petri Net Baukasten«, and we will show that the »Petri Net Baukasten« is 
an application oriented Petrinetz-Technologie. 

2.1 Petrinetz-Technologie 

We start with the general definitions of “technology”, “method”, and “tech- 
nique” according to WWWebster |MWH9| . 

A technology is in general a manner of accomplishing a task especially 
using technical processes, methods, or knowledge. 

A method is a discipline that deals with the principles and techniques 
of scientific inquiry. It implies an orderly logical effective arrangement 
usually in steps. 

A technique is a body of technical methods as in a craft or in scientific 
research. 

According to these general definitions we define a Petri net technology to be a 
Petri net based manner of accomplishing the task of system development using 
methods for employing Petri net techniques. A method deals with principles 
of employing Petri net techniques that in general should answer the following 
questions: 

— What kind of Petri net techniques should be used? 

A distinguished set of Petri net techniques constitutes the body of a method. 

— How do these Petri net techniques help to accomplish a given task? 

There has to be a method for using the different Petri net techniques in 
order to accomplish a given task. 

— What support for these Petri net techniques is available? 

Method, formal foundation, and tool support for the chosen Petri net tech- 
niques should be named, if available. 

— Are these Petri net techniques reliable? 

Those of the chosen Petri net techniques that have a formal foundation, and 
the kind of formal consistency that can be obtained, should be stated. 

— How to use the different Petri net techniques? 

Methodological procedures for the use of the different Petri net techniques 
should be provided, if they are available. 

A Petri net technology is called application oriented if it is suitable for system 
development in different application domains and allows an application domain 
specific interpretation of Petri net notions. 

2.2 The »Petri Net Baukasten« 

As mentioned already in the introduction the research group Petrinetz-Technologie 
has developed the »Petri Net Baukasten«, documented in [WEP.DDj . 
[inPCflflj to enable a more straightforward understanding of Petri net types and 
the development of Petri net tools, to aid in the application of Petri net types, 
and to provide a unified representation of the formal definition of Petri net types. 
The »Petri Net Baukasten« includes a classification concept for Petri nets that 
serves these purposes. Moreover, the concept of the »Petri Net Baukasten« is 
governed by the following basic requirements. 

— The »Petri Net Baukasten« has to provide different views for different 
purposes. 

— The classification of Petri net types has to be achieved in a semi-formal 
manner. 

— The »Petri Net Baukasten« has to comprise a large variety of Petri net 
types, which are important for certain application domains. 

— The »Petri Net Baukasten« has to provide for each Petri net type a rigorous 
(i. e. mathematically formal) description to ensure consistent techniques 
including analysis, structuring and verification. 

The »Petri Net Baukasten« supports the application developer, the tool 
developer and the Petri net expert in their different objectives. 

1. The Application Developer View enables an engineer developing an applica- 
tion 

— to use the application-oriented interpretation of Petri net notions, 

— to find the Petri net technique that serves him best in the development 
of the application, 

— to use the adequate method for developing the application, and 

— to rely on the chosen Petri net technique. 

2. The Expert View enables the Petri net expert 

— to define new types and notions in a uniform way, 

— to state properties of all variants of Petri nets in a formal and construc- 
tive manner, 

— to transfer results between net types, and 

— to make results and notions available for applications. 

3. The Tool Developer View enables tool developers 

— to find appropriate tools, 

— to fit tools together in a prototyping way, 

— to add and change tools and tool references, and 

— to provide tools and modular prototyping of tools. 

These three aspects describe the most important views on Petri nets. In 
order to systematize Petri net notions and to relate the different views a basic 
classification of Petri nets is provided. This classification includes different Petri 
net types, like place/transition nets and high-level Petri nets, and corresponding 
Petri net notions like structuring, verification, and analysis. The Petri net types 
are classified by attributes and attribute values. The classification is represented 
in the Common Base and connects the different views in the following way: A 
Petri net type in the Common Base comprises the notions that belong to a 
Petri net technique, the Application Developer View provides methodological 
procedures for the use of certain Petri net types and methods for the system 
development process, the Expert View represents the mathematical foundations 
for formal Petri net techniques, and the Tool Developer View provides tools and 
tool development facilities. 

The relationship of the three different views and their Common Base is 
depicted in Figure 1. The Common Base relates the different views and their 
representation of the same concepts, namely it describes Petri net notions which are 

— interpreted in the application domain as a part of the Application Developer 
View, 

— formalized using mathematical definitions and propositions in the Expert 
View, and 

— implemented using algorithms and program code in the Tool Developer View. 

Figure 1. The »Petri Net Baukasten« 

In the following we present a first overview of the concepts of the Common 
Base and the three different views which are given in Section in more detail. 
Finally, we show that the »Petri Net Baukasten« is an application-oriented 
Petrinetz-Technologie. 



2.3 Common Base 



The Common Base, see | |DehfifilWljHOH . encompasses all Petri net types 
relevant for a specific application domain; it integrates all these types into a common 
scheme and defines the relationship between the Petri net types. It is intended 
that the Common Base is structured as simply as possible and is understandable to 
application developers, tool developers and Petri net experts alike. The structuring 
concept that is considered to be simple and still powerful enough to capture 
all the properties of the different Petri net types is a specialization/generalization 
relationship between the different Petri net types. The Petri net classification in 
the Common Base is a specialization hierarchy along distinguishing characteris- 
tics. This classification is represented in the Common Base using class diagrams 
of UML. The distinguishing characteristics are given in terms of attributes and 
attribute values. These describe Petri net notions on a conceptual level. The 
domain dependent interpretation of these concepts is part of the Application 
Developer View. The encoding into software belongs to the Tool Developer View 
and the mathematical formalization of these concepts is part of the Expert View. 

2.4 Application Developer View 

The Application Developer View, see ll.eTTihhlWl.hi(m , provides the prerequisites 
for an application-oriented assistance of Petri net based development projects. 
The planning of development activities in an application domain is supported 
in the following way: The Application Developer View provides information for 
the planning of development activities, i. e. methods of employing Petri net 
techniques. This information supports the application developer in choosing the 
appropriate Petri net techniques, based on tools, methodological procedures and 
formal Petri net techniques for the development activities. Additionally, modelling 
activities are supported by sample and standard solutions, and methodological 
procedures for a chosen Petri net type. The Application Developer View includes 
information on Petri net notions and Petri net techniques in an application- and 
problem-oriented way. These so-called assistance concepts yield application do- 
main specific interpretations of Petri net notions of the Common Base. 

2.5 Expert View 

The Expert View provides the formal foundation of Petri net types in the »Petri 
Net Baukasten« in terms of a mathematical presentation of the underlying no- 
tions and results. The Expert View is given in a structured way. It comprises 
formal Petri net techniques, abstract Petri net frames, actualizations, and trans- 
formations. Each of these notions comprises a coherent and consistent piece of 
Petri net theory. Formal Petri net techniques and transformations are directly 
related to the Common Base. Abstract Petri net frames, actualizations, and 
abstract transformations describe relations and dependencies of formal Petri net 
techniques and transformations on a more abstract level. Hence, these yield a 
uniform description of Petri nets as a foundation of the classification given in 
the Common Base. 

More details on the Expert View can be found in Section 5 and the Appendix. 



2.6 Tool Developer View 

The main task of the Tool Developer View, for details see IWehhhIEWOll , is to 
provide support for tool development. This comprises the management of exist- 
ing tools, facilities for tool development as well as possibilities to extend tools. 
Petri net tools support the Petri net based system development. They provide 
support for editing, simulating, structuring, and analyzing a Petri net variant. 
The management of existing tools is also important for the rest of the »Petri Net 
Baukasten«, since it offers tool support for the Petri net types of the Common 
Base. A Petri net tool corresponds to a Petri net type of the Common Base if 
it supports the notions comprised by that Petri net type. The Tool Developer 
View provides support for the development of tools in terms of object-oriented 
and parameterization concepts, a component-oriented approach for already ex- 
isting tools and encoded algorithms such that they become easily accessible. The 
Petri net type used in the encoded algorithm is given in the Common Base. The 
formal representation of the algorithm is given in the corresponding formal Petri 
net technique in the Expert View. 

2.7 Relation of Common Base with Views 

The Common Base is related with the views according to different representa- 
tions of Petri net notions in the Common Base and the views. 

The notions given in the Common Base in an informal way by attributes are 
represented in the Application Developer View by application-oriented notions 
within a methodological procedure, explaining the use of these notions in a 
certain application domain. Within the Tool Developer View these notions are 
represented either as algorithms or as tools. The Expert View provides consistent 
formal Petri net techniques for the Petri net type given in the Common Base. 
As an example the notion marking of a Petri net may be considered 

— in the Common Base to be a distribution of tokens over places indicating 
the state of the net, 

— in the Application Developer View to be a representation of documents and 
business objects in different processes, 

— in the Tool Developer View to be a record of places, and 

— in the Expert View to be an element of the free commutative monoid over 
the set of places. 

The specialization hierarchy of the Common Base can be used for the navi- 
gation with respect to all three views. It allows embedding of new tools or new 
theoretical results and making them available for practice. 



2.8 Petri Net Techniques in the »Petri Net Baukasten« 

The »Petri Net Baukasten« provides different methods and Petri net techniques 
that serve the task of system development. A method consists of the combination 
of various Petri net techniques. A Petri net technique is built up by a consistent 
set of Petri net types, formal Petri net techniques, methodological procedures, 
and tools. We illustrate a specific method in Figure 2, which is the sequence 
of three Petri net techniques where transformations between different Petri net 
techniques are indicated by arrows. 

The »Petri Net Baukasten« is an application oriented Petri net technology 
in the sense of Section 2.1 since 

— it establishes the base for a systematic practice for employing Petri nets in 
different application domains, 

— it comprises different ways of the accomplishment of the task of system 
development, 

— it allows an application domain specific interpretation of Petri net notions, 
and 

— it provides well-defined Petri net techniques and methods. 

Figure 2. A Petri Net Method 



In particular, the general questions concerning Petri net techniques given in 
Section 2.1 can be answered now in the case of the »Petri Net Baukasten«: 



— What kind of Petri net techniques should be used? 

Petri net techniques based on Petri net types are given in the Application 
Developer View for different application domains. 

— How do these Petri net techniques help to accomplish a given task? 

The Petri net techniques are combined to a Petri net method (see Figure 2) 
given in the Application Developer View in order to accomplish a specific 
task for suitable application domains. 

— What support for these Petri net techniques is available? 

A Petri net technique is supported by methodological procedures, formal 
Petri net techniques, and Petri net tools in the three views of the »Petri Net 
Baukasten«. 

— Are these Petri net techniques reliable? 

There are corresponding consistent formal Petri net techniques in the Expert 
View, which are the basis for reliability. 

— How to use the different Petri net techniques? 

Methodological procedures for each Petri net technique can be found in the 
Application Developer View. 



3 Common Base 

In this section we present an overview over the Common Base of the »Petri Net 
Baukasten«, which establishes the relation between the different views. A fun- 
damental requirement is that it encompasses all relevant Petri net variants and 
represents them in a common scheme in order to define the relationship between 
these variants. The scheme itself must be simple and easily understandable to 
anyone working with the »Petri Net Baukasten«, including application devel- 
opers, tool developers and Petri net experts. Therefore a structuring concept 
from software engineering is chosen, which is object-oriented. It uses special- 
ization and generalization concepts. Different Petri net variants are related to 
each other via these relationships. The general scheme of the Common Base 
is a hierarchy of Petri net variants, called Petri net classification, depicted in 
Figure 3. Intuitively, the Petri net classification follows similar principles as the 
construction of class hierarchies in UML. 




Figure 3. General diagram of the Common Base. T_0 represents the simplest Petri 
net type and T^i_{jk...} represents the specialization jk... of the degree i 



The object-oriented semiformal description used for the »Petri Net Baukasten« 
introduces Petri net variants as objects, which are called Petri net types in 
the following. Characteristics of a variant are described as characteristics of an 
object. The classification of Petri net types is based on the set of characteristics 
of the Petri net types. Accordingly, Petri net types whose characteristics are a 
subset of another Petri net type are considered as generalizations of the other 
type. Vice versa, a Petri net type is a specialization of another Petri net type if 
it carries a superset of characteristics. Petri net types classified according to this 
classification scheme are all specializations of the most common Petri net type 
at the root of this hierarchy. Analogously to the notions in object-oriented tech- 
niques, this hierarchy is called inheritance hierarchy. It depicts the inheritance 
of characteristics from top to bottom. Our inheritance hierarchy in the Common 
Base is an acyclic directed graph, because multiple inheritance is allowed. 

The root of our Petri net classification is given by a Petri net type comprising 
the characteristics: place, transition, (two kinds of) edge, activation, firing, mark- 
ing, and token. Starting from the root we obtain different specialization paths 
each of which focuses on a particular Petri net property. We distinguish three 
groups of specialization paths: elementary, additional, and operational paths. 
An elementary path specifies one of the basic constituents of a Petri net vari- 
ant, e. g. marking limit (capacities) on places, edge weights, pre- and post-sets of 
transitions, token colours, etc. Optional characteristics like authorization, time, 
etc. are described in the additional paths. The operational path is concerned 
with available operations like verification, structuring, or analysis. 
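
The subset rule for generalization described above, as an added Python example (not part of the paper or of the »Petri Net Baukasten« itself): each Petri net type is a set of characteristics, and the direct inheritance edges are computed as the covering relation of proper-subset inclusion, which yields an acyclic graph with multiple inheritance. The type names and the small catalogue are constructed for illustration; only the characteristic names come from the text.

```python
"""Added illustration: a Petri net classification as sets of characteristics."""
from typing import Dict, FrozenSet, List

Catalogue = Dict[str, FrozenSet[str]]

# Characteristics of the root type, as listed in the text.
ROOT = frozenset({"place", "transition", "edge", "activation",
                  "firing", "marking", "token"})


def make_catalogue() -> Catalogue:
    """Constructed sample catalogue; all type names are hypothetical."""
    return {
        "Root": ROOT,
        "Capacity": ROOT | {"marking limit"},
        "Weighted": ROOT | {"edge weight"},
        "Coloured": ROOT | {"token colour"},
        "PT": ROOT | {"marking limit", "edge weight"},
        "TimedPT": ROOT | {"marking limit", "edge weight", "time"},
        "TimedColoured": ROOT | {"edge weight", "token colour", "time"},
    }


def generalizations(cat: Catalogue, name: str) -> List[str]:
    """All types whose characteristics are a proper subset of `name`'s."""
    own = cat[name]
    return sorted(other for other, chars in cat.items() if chars < own)


def direct_generalizations(cat: Catalogue, name: str) -> List[str]:
    """Parents in the inheritance hierarchy: generalizations with no other
    generalization of `name` lying strictly between them and `name`."""
    ancestors = generalizations(cat, name)
    return [a for a in ancestors
            if not any(cat[a] < cat[b] for b in ancestors)]


def added_characteristics(cat: Catalogue, name: str) -> FrozenSet[str]:
    """Characteristics of `name` that are not inherited from any parent."""
    inherited: FrozenSet[str] = frozenset()
    for parent in direct_generalizations(cat, name):
        inherited |= cat[parent]
    return cat[name] - inherited


def multiple_inheritance(cat: Catalogue) -> List[str]:
    """Types with more than one parent (why the hierarchy is a DAG, not a tree)."""
    return sorted(n for n in cat if len(direct_generalizations(cat, n)) > 1)


def not_rooted(cat: Catalogue, root: str) -> List[str]:
    """Types that fail to carry every characteristic of the root type."""
    return sorted(n for n, chars in cat.items() if not chars >= cat[root])


if __name__ == "__main__":
    catalogue = make_catalogue()
    for type_name in sorted(catalogue):
        parents = direct_generalizations(catalogue, type_name)
        new = sorted(added_characteristics(catalogue, type_name))
        print(f"{type_name}: parents={parents} adds={new}")
    print("multiple inheritance:", multiple_inheritance(catalogue))
```
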




Figure 4. Specialization example for characteristic MarkingStructuring 



An example for specializations is given in Figure 4. It is concerned with the 
elementary characteristic MarkingStructuring introduced in the second 
specialization level. Petri net type 1.4 is specialized by Petri net type 1.4.x, where 
the inherited characteristics are more specific and new characteristics are added. 
More details on the underlying principles for specialization can be found in 
[iwbpmj and an initial installment of about 100 different Petri net types in 
[IDFOOOj . 

Summarizing, the Petri net classification is built from Petri net types with 
characteristics ordered hierarchically by a specialization/generalization relation. 
A classification glossary provides a description of the meaning of the different 
characteristics. Moreover, a Petri net type holds an indicator to Application De- 
veloper View, Expert View, or Tool Developer View, if there is a direct relation 
to the corresponding view. Such a relation exists if the Petri net type is repre- 
sented in that view. More details about these indicators and the relation of the 
Common Base to the different views can be found in the corresponding sections 
of this paper. For more details see [II )FChhll )ehhyij and [WljHflij in this volume. 

4 Application Developer View 

The Application Developer View provides adequate support for application de- 
velopers within application development projects. For planning and performing 
the developing activities the Application Developer View offers informations to 
allow application developers to select suitable 

— Petri net techniques, 

— development methods, and 

— sample solutions. 

Therefore, the Application Developer View builds a bridge between practice 
and Petri net theory. We intend to facilitate understanding of the use of Petri nets 
for practitioners of different application domains. To achieve better understanding 
we take objectives and aspects of several application domains into account and 
create a link to corresponding Petri net notions. In [IWLBnij it is discussed 
in more detail how these objectives refer to application-, problem-, method-, 
solution-, tool-, need-, and multiple-way orientation. The support for application 
developers is realized by the interpretation of Petri net concepts. Therefore, it 
is necessary to use technical terms of application domains and map them to 
Petri net notions in application specific glossaries. A detailed description of the 
elements of the Application Developer View together with a structural model 
can be found in IWLBOll . 

Application domains are of central importance in our »Petri Net Baukasten«, 
as one of the major aims of the »Petri Net Baukasten« is application-orientation. 
Application orientation is realized by an application domain specific interpreta- 
tion of Petri net notions. The description of an application domain may contain 
some application-oriented aspects, which are relevant entities and questions of a 
particular application domain. For example, the application domain of workflow 
management contains the aspects according to the workflow process definition 
metamodel of the Workflow Management Coalition (WfMC), documented in 
IWtlVlCOni . This includes workflow application, workflow participants, workflow 
process activities, workflow relevant data, etc. Application domains may be 
related to others, e. g. if one is the superdomain. One superdomain of logistics, for 
example, is business process modeling. 

In the following we will briefly sketch the support for the application devel- 
oper given by the Application Developer View. 

The Application Developer View offers Petri net techniques as defined in 
Section 2.8. For this purpose, characteristics of the Petri net techniques are identified 
which are relevant for application developers. These characteristics concern e. g. 
the application domain, the Petri net type, intended objectives, or tool support. 
Additionally, a so-called technique-guide offers informal descriptions about the 
Petri net techniques. 

The Application Developer View offers development methods: In our 
terminology a development method comprises a set of Petri net techniques, given by 
a Petri net type, its formalization, a corresponding tool, and a methodological 
procedure. This procedure is given by a sequence of development steps, which 
lead to a result which is required in that particular method. Moreover, the pro- 
cedure describes the development activities. In contrast to a process model, a 
method explicitly comprises techniques, and in particular Petri net types. Each 
development method supports a specific application domain. 

Last, but not least, the Application Developer View offers sample solutions. 
A sample solution is given by a Petri net model solving specific problems together 
with a description of the solution. The solution description uses the terminology 
of the corresponding application domain in order to support understandability 
and can be considered as a didactical support, how to model a specific problem 
in an application domain. 

Relation to the Common Base. The relation between the Application Developer 
View and the Common Base is established by application domains, development 
techniques, sample solutions, and application-oriented aspects. They are either 
related to a Petri net type in the Common Base (as Application Domain, 
Development Technique, and Sample Solution) or to some characteristics of a Petri 
net type. More details can be found in IWLhibil . 

5 The Expert View 

The Expert View provides a uniform structuring of the theory of Petri nets. It 
supports Petri net experts in so far as a uniform presentation of new notions is 
supported, and the transfer of results is facilitated. The major task of the Expert 
View within the »Petri Net Baukasten« is to provide the formal foundation of 
the Petri net types in the Common Base in terms of mathematical definitions 
and results based on the underlying notions. 

The Expert View provides the following notions which will be explained 
below: abstract Petri net frames, formal Petri net techniques, actualizations, 
and transformations. Schemes are used for the structured representation of these 
notions in order to obtain a uniform structure for the presentation of Petri net 
theory in the Expert View. The relation of the Expert View to the »Petri Net 
Baukasten« is discussed at the end of this section. 

The Role and Structure of the Expert View. The role of the Expert View is to 
represent mathematical concepts and results on Petri nets in a structured way. 
The main idea is to represent formal Petri net techniques: A formal Petri net 
technique consists of a core formalism - i.e. the mathematical description of 
nets - and compatible operations on Petri nets like structuring, analysis, and 
verification techniques. Furthermore, a formal Petri net technique is the formal 
foundation of a Petri net type in the Common Base. A formal Petri net technique 
is one part within a Petri net technique as shown in Figure 2. 

In order to describe different formal Petri net techniques in a generic way we 
use the notion of abstract Petri net frames. Due to their high level of abstraction 
these Petri net frames allow different notions of Petri nets to be represented in a 
uniform way. An abstract Petri net frame defines basic Petri net notions and 
operations on Petri nets using formal parameters. Actualization of these formal 
parameters allows notions and results defined on the abstract level to be propagated 
to concrete formal Petri net techniques. Note that several abstract Petri net 
frames are considered. 

Transformations between different formal Petri net techniques are used to 
state similarities, dependencies, refinement or abstractions. Transformations are 
essential for Petri net based system development when changing from one Petri 
net technique to another in a development step, depicted as arrows in Figure El 

Abstract Petri net frames and formal Petri net techniques are related in the 
following way: The actualization of an abstract Petri net frame yields a formal 
Petri net technique. This is achieved by replacing the abstract mathematical 
entity (formal parameter) by a concrete mathematical entity (actual parameter). 

Transformations are mappings between abstract Petri net frames and formal 
Petri net techniques respectively. More precisely, transformations allow notions 
and operations on Petri nets to be transferred from one formal technique to another. 

Summarizing, the role of the Expert View is to 

— present mathematical concepts and results on Petri nets 

— provide consistent formal Petri net techniques 

— relate different Petri net notions 

The structure of the Expert View is depicted in Figure 0 and given in more 
detail in Section imioi in the appendix together with some typical examples. 
It consists of 

— formal Petri net techniques (see Section A.1) 

— abstract Petri net frames (see Section A.2) 

— actualizations (see Section A.3) 

— transformations (see Section A.4) 

Schemes. For a structured representation a meta notation, called schemes, is 
used in the Expert View. A scheme symbolizes a fixed pattern of keywords 
representing Petri net notions. For abstract Petri net frames, formal Petri net 
techniques, actualizations, and transformations a corresponding scheme consist- 
ing of relevant keywords is introduced. 

Instantiation of the corresponding scheme by definitions, facts, theorems, 
algorithms etc. leads to a specific abstract Petri net frame, formal Petri net tech- 
nique etc. Instantiations can be either explicit or by reference to a Defini- 
tion/Fact/Theorem in a corresponding paper. Moreover, it might be annotated 
by explanations for the sake of readability. 

Note, that for an instantiated abstract Petri net frame, formal Petri net tech- 
nique etc. it is not necessary that every single component of the corresponding 
scheme is instantiated. 



[Figure 5. The Structure of the Expert View. Labels in the figure: Abstract 
Petri Net Frame (Formal Parameters, Operations, Properties, Further), 
Actualization, Abstract Transformation.] 



Relation of Expert View and »Petri Net Baukasten«. The Expert View presents 
the formalizations of concepts described in the Common Base in a semiformal 
way. Each formal Petri net technique in the Expert View is a formal counterpart 
of a Petri net type in the Common Base. The correspondence is given by using 
name identity of the Petri net type and the formal Petri net technique. 

This correspondence is established as follows. For each attribute of the Petri 
net type, there is a mathematical description in the corresponding formal Petri 
net technique. Of course, the relation between attributes and formalization can- 
not be expected to be strictly one-to-one. Hence, one Petri net type in the 
Common Base may have various counterparts in the Expert View. This is an 
advantage for the application or tool developer, because it allows a choice 
between different formal Petri net techniques formalizing one and the same Petri 
net type. 

A further connection between Expert View and Common Base is given by 
transformations. In the simple specialization/generalization structure of the 
Common Base transformations are presented as attributes. Each transforma- 
tion establishes a relation between two formal Petri net techniques, where a 
transformation attribute in the Common Base corresponds to a transformation 
in the Expert View. 

Transformations play an important role in the »Petri Net Baukasten« as they 
allow different formal Petri net techniques to be combined into a method as 
defined in Section 0 (see Figure 0 where the arrows correspond to transformations). 

This shows that formal Petri net techniques and transformations in the Ex- 
pert View are most important for the development activities in the Application 
Developer View, where the correspondence is established via the Common Base. 
Last, but not least, the implementation of parameterized net classes, described 
in IeWqH , establishes a direct relation between Expert View and Tool Developer 
View. 

6 Tool Developer View 

The task of the tool developer is supported by the Tool Developer View. The 
support comprises various aspects of tool development: 

— management of existing tools, 

— facilities for tool development, and 

— support for extension of existing tools. 

Management of Existing Tools. The Tool Developer View has a tool admin- 
istration component which stores information about tools. The administration 
is based on a form containing all relevant information about a tool. The form 
contains information concerning e.g. a general description, the underlying Petri 
net type, the implemented Petri net operations, some technical instructions, in- 
formation about licences and some evaluation notes. The information captured 
by this component facilitates the search for an adequate tool. This establishes an 
easy access to existing tools. 



Facilities for Tool Development. For building prototypes the Tool Developer 
View contains the Petri net kernel (PNK), see [IK Wt)t)a^K Wt)t)h) for details. It 
yields an infrastructure for building Petri net tools by offering standard functions 
and a graphical user interface. The PNK is not restricted to a particular Petri 
net type but covers all relevant Petri net types due to parameterization. The 
design of the PNK according to [Webflflj was driven by the following objectives: 



— Implementation of a new algorithm for analysis, simulation, or verification 
should be facilitated. The tool developer should be free from caring about 
implementation of parser, graphical interface etc., which is provided by the 
PNK. 

— The net information should be accessible via a simple interface of the PNK, 
which reflects the typical mathematical notions on Petri nets such as pre- 
and postsets. The interface should not require the knowledge of a particular 
software technique, such that an inexperienced programmer should be able 
to efficiently use the interface within short time. 

— It should be easy to integrate several algorithms which have been developed 
independently and to tailor them to specific application domains. 

— The implementation of a tool for newly defined Petri net types should be 
supported by the PNK — again without implementing additional parse op- 
erations or editor functions. 



Extension of Existing Tools. Extension of existing tools is a special case of 
tool development. It may be caused by the incremental development, by further 
advances of Petri net theory, or in order to fit it to the purpose of a user. 
This kind of support is covered by the general support for tool development as 
described above. 

Figure 6. Installments of the »Petri Net Baukasten« 



Relation to the Common Base. Petri net tools support one or more tasks within a 
development method. Usually, they are based on one Petri net type, and support 
a corresponding Petri net technique. A tool may support modeling, structuring, 
analyzing, testing, verifying, or transforming Petri nets, provided such opera- 
tions are available in the Petri net technique. There is a relation between a Petri 
net type and a tool, if it supports the characteristics of that type. 

A direct relation to the Expert View is described in | IEWni| . where the imple- 
mentation of one specific abstract Petri net frame, namely parameterized net 
classes, with the PNK is presented. 

7 Conclusion: Installment, Maintenance, and Evolution 
of the »Petri Net Baukasten« 

In this conclusion we discuss the problems of installment, maintenance, and 
evolution of the »Petri Net Baukasten«. 

Installments of the »Petri Net Baukasten« 

Installment^ of the »Petri Net Baukasten« can be accomplished in different 
ways. There are various ways to apply the »Petri Net Baukasten« in practice 
which are highly dependent on the intended use. 

^ Installment has been called “realization” in previous papers about the »Petri Net 
Baukasten«. The new term emphasizes the fact that it is one part of a serial story. 

As shown by the two axes in Figure El an installment of the »Petri Net 
Baukasten« depends on the elaborateness of its contents as well as on the 
technical complexity. Two installments are considered up to now, the initial 
installment, which has been called initial realization in mm, and a second 
installment presented in PCLWOH - The main ideas of the initial installment 
can be summarized as follows: 

Initial Installment of the »Petri Net Baukasten«: 

Common Base 

In the initial installment a class diagram representing the classification of 
Petri net types relevant for business processes has been established and is 
depicted in |DF(I99j using the UML tool Rational Rose. The classification 
comprises about 100 Petri net types and twelve different specialization paths, 
that can be distinguished into three categories: elementary, additional, and 
operational extensions. 

Application Developer View 

In the initial installment an assistance system is provided on a conceptual 
level for the support of the application developer. There are two kinds of 
variants for the assistance that can be distinguished, namely assistance to 
find a suitable Petri net technique and assistance to find a suitable solution 
example. Both of these variants are supported by prescriptive, navigating, 
or descriptive assistance methods. The system architecture sketches the fun- 
damental ideas about the assistance system in HMSSI. For more detail we 
refer to the paper IWLHOlj in this volume. 

Expert View 

The structured representation of significant aspects of Petri net theory in 
the initial installment is based on schemes for abstract Petri net frames, for- 
mal Petri net techniques, actualizations, and transformations. Each of these 
schemes consists of a list of relevant keywords. The initial installment of the 
Expert View comprises instantiations of all these schemes, e.g. parameter- 
ized net classes as an actualization of abstract Petri net frames, and algebraic 
high-level nets, coloured Petri nets, elementary nets, place/transition nets, 
and FunSoft nets as instantiations of formal Petri net techniques. 

Petri Net Kernel in the Tool Developer View 

The Petri Net Kernel in the initial installment is an object-oriented tool for 
the fast prototyping of simple Petri net tools. The basic idea of the Petri 
Net Kernel is the distinction between fixed and variable aspects of Petri nets. 
Variable aspects can be considered as parameters and allow the automatic 
generation of Petri net tools by actualization of these parameters. It imple- 
ments that part of the Tool Developer View that is actually concerned with 
the tool development. The implementation of parameterized net classes with 
the Petri Net Kernel is discussed in the paper [EW()1| of this volume. 



Maintenance of the »Petri Net Baukasten« 

Maintenance of the »Petri Net Baukasten« is the general task to update the 
contents of the initial and other installments within the Common Base and 
the three views. Specific tasks would be to add new notions or results of the 
theory of Petri nets into the Expert View, tools or tool descriptions in the Tool 
Developer View, or methods in the Application Developer View. Maintenance of 
the Common Base might be necessary as a consequence of the maintenance of 
some view, and may induce further changes in the other views. It is important 
to point out that maintenance preserves the structure of each view and the 
connection to the Common Base. However, different installments require different 
maintenance scenarios. A collection of various scenarios can also be found in 
IIDh'Cyfll . 

Evolution of the »Petri Net Baukasten« 

In contrast to maintenance of the »Petri Net Baukasten«, where the conceptual 
structure of the Common Base and the different views is preserved, evolution 
of the »Petri Net Baukasten« allows the structure and the technical 
complexity of the installment to change as shown in Figure 0. This also requires 
an update of the contents and leads to a new installment of the »Petri Net 
Baukasten«. An evolution step towards higher technical complexity is presented 
in [DCLWOT], called second installment. It comprises a database, services 
operating on this database and explicit access for each group (user interfaces). 
Each of these components respects the conceptual structure given by the 
different views. Moreover, a software architecture as a further refinement has 
been introduced. 

Hopefully, further installments will be provided not only by the research 
group Petrinetz-Technologie, but also by other development groups in dif- 
ferent application domains. Last, but not least, it is important to point out that 
the general idea of the »Petri Net Baukasten« is not at all restricted to Petri 
nets, but can be extended to other kinds of semi-formal and formal specification 
techniques in the literature as summarized in mEm- 

A Appendix 

In this appendix we present more details of the Expert View, described in Section 
El on a conceptual level. For illustration parts of the initial installment (see 
| inF(E)9| l of the »Petri Net Baukasten« are presented here. 

A.1 Formal Petri Net Techniques 

The notion of a formal Petri Net technique comprises a core formalism and com- 
patible operations on Petri nets. The core formalism is a mathematical definition 
of a class of Petri nets which comprises the definitions of the net structure, data 
type structure, time, organizational structure, initial marking, and firing. An op- 
eration on Petri nets like structuring, analysis, and verification is a function that 
can be applied to Petri nets of a specific core formalism. Compatibility among 
these operations and with the core formalism is essential for their combination 
with the core formalism to a formal Petri net technique. Consequently, these 
compatibilities are main properties of the formal Petri net technique. Addition- 
ally, there might be further theoretical aspects, which are of less importance 
within the »Petri Net Baukasten«. 

The scheme for a formal Petri net technique given below corresponds to this 
description. 

For illustration we present the formal Petri net technique of algebraic high- 
level nets as an instantiation of the scheme for a formal Petri net technique. 
We first discuss this technique informally before we give the instantiation of the 
scheme. 

Formal Petri Net Technique 
  Core formalism 
    Net Structure 
    Data Type Structure 
    Time Description 
    Organizational Structure 
    Initial Marking 
    Firing / Semantics 
  Operations on Petri Nets 
    Structuring 
    Analysis 
    Verification 
  Properties 
    Compatibilities 
    Further Properties 
  Further Theoretical Aspects 



An Algebraic High-Level Net (AHL net) consists — roughly speaking — of a 
Petri net with inscriptions of an algebraic specification SPEC [EM defining 
the data type part of the net. For AHL nets structuring techniques are for- 
mulated within the frame of high-level replacement systems [EHKP91]. Results 
from the theory of AHL nets comprise horizontal structuring techniques like 
union (composition of two nets with respect to a 
common interface) and fusion (the gluing of places, transitions, or even subnets 
within a given net), and vertical structuring like rule-based modification and 
rule-based refinement preserving safety properties in the sense of pP^ . All of 
these structuring techniques are pairwise compatible with each other. Further- 
more, there are concurrency properties of rule-based modification and rule-based 
refinement like local confluence and parallelism which are essential for the AHL 
net technique. On the other hand the notion of T-invariants defined for AHL 
nets (see ram) is — in general — not compatible with rule-based modifica- 
tion. Therefore, T-invariants are not given in the operations of the formal Petri 
net technique below, but they are only listed under further theoretical aspects. 

We are now going to instantiate the scheme according to the above descrip- 
tion. 



Formal Petri Net Technique: AHL Nets 
  Core formalism 
    Net Structure 
      Algebraic High-Level Net, see [PER95], Def. 4.1 
    Data Type Structure 
      Specification and SPEC-algebra, see [EM85], Def. 1.14 
    Firing / Semantics 
      Operational Behaviour of AHL-Nets, see [PER95], Def. 4.2 
  Operations on Petri Nets 
    Structuring 
      — Union, see [PER95], Def. 3.5 
      — Fusion, see [PER95], Def. 3.1 
      — Rule-Based Modification, see [PGE98], Def. 2.3 (Rule and 
        Transformation) 
      — Rule-Based Refinement, see [PGE98], Concept 4.1 (Vertical 
        Structuring Technique: Rule-Based Refinement) 
  Properties 
    Compatibilities 
      — Fusion and Union, see iPEH,95iVlL70! 
      — Rule-Based Modification and Rule-Based Refinement, see lEMI, 
        Fact 4.3.3 (Induced Q-Transformations and Pushouts in QCAT) 
      — Fusion and Rule-Based Modification, see [PER95], Theorem 3.4 
        (Fusion Theorem) 
      — Union and Rule-Based Modification, see [PER95], Theorem 3.7 
        (Union Theorem) 
      — Fusion and Rule-Based Refinement, see Fact 4.5.5 (Fusion 
        is compatible with Q-Transformations) 
      — Union and Rule-Based Refinement, see [Pad96], Fact 4.5.10 (Union 
        is compatible with Q-Transformations) 
      — Preservation of Safety Properties, |PCE98IPHC0(^ 
    Further Properties 
      — Instance of Parametrized Net Classes, see [HH96], Example 3.5.1 
        (Algebraic High-Level Nets) 
      — Transformations: Unf : AHL → PT, see Section A.4 
      — Category AHL-net, see [PGE98], Def. 4.6 
      — Category of AHL nets is cocomplete, see [PER95], Theorem 5.10 
      — HLR-properties of AHL-net transformation systems, see [PER95], 
        Theorem 5.10 
      — Local Church-Rosser Theorem, see [PER95], Theorem 2.11, proof see 
      — Parallelism Theorem, see [PER95], Theorem 2.13, proof see [EHKP91] 
  Further Theoretical Aspects 
    Variants of AHL nets in yvl8Vmum89lHei9llDHP9HLil9blS™ 
    Sheaf Semantics [Lil95] 
    T-Invariants iTTEnni 


A.2 Abstract Petri Net Frames 

Abstract Petri Net frames are uniform descriptions of Petri nets which are based 
on the concept of parametrization/actualization. Abstract Petri net frames con- 
tain formal parameters and a frame body leading to a parameterized description 
of Petri nets. The frame body describes the invariant aspects that do not change 
for any actualization of the formal parameters. The abstract Petri net frame 
comprises structural as well as behavioral aspects in a generic way including 
operations defined already on the generic level. These operations have to be 
compatible with each other such that each actualization leads to operations on 
Petri nets within a consistent formal Petri net technique. These compatibilities 
are relevant properties for the »Petri Net Baukasten«. Such properties and fur- 
ther theoretical aspects are also presented in an abstract Petri net frame. 

This leads to the following scheme for abstract Petri net frames: 



Abstract Petri Net Frame 
  Formal Parameters 
    parameter name: formalization 
  Frame Body 
  Operations 
  Properties 
  Further Theoretical Aspects 



In the following, we present as an instantiation of the scheme the abstract 
Petri net frame of parameterized net classes EiaMEEnZEMil. For the im- 
plementation of parameterized net classes within the »Petri Net Baukasten« we 
refer to EMU- 

Parametrized Net Classes are based on an algebraic representation of Petri nets 
[IMM9niPFP.9,^F( I W98IFR,97j . Orthogonal parameters for the structure of the 
net, the structure of the marking (adjoint functors [MT;7flj) and for the data 
type specification (institutions pin2]) can be declared. Horizontal and vertical 
structuring techniques are defined on the generic level of parametrized net classes 
where all these structuring techniques are compatible with each other. Thus, 
actualization of the parameters leads to net classes with compatible structuring 
techniques. Most of the known and interesting new net classes are obtained by 
appropriate actualizations, which will be discussed below. 

The representation of data type specifications as institutions serves as a uniform 
framework where a flexible change of specification techniques is supported by 
institution morphisms |(IB9‘2IM W98| . 

Abstract Petri Net Frame: “Parametrized Net Classes” 
iP ad U fi lkP O TlP a d ^ 
  Formal parameters 
    — Data type structure: specification frames (institutions), see [Pad98a], 
      Definition 2.11 or [Pad96], Definition 3.2.11 
      Explanation: Data type part of nets 
    — Marking structure (functor): A composite functor from a pair of 
      adjoint functors, a left-adjoint functor from category of sets to a 
      subcategory of commutative semigroups, see [Pad98a], Definition 3.1, 
      or Ea, Definition 2.2.1 
      Explanation: Domain of net markings 
    — Flow structure (functor): A composite functor from a pair of adjoint 
      functors, a left-adjoint functor from category of sets to a category of 
      flow structure, with a natural transformation to marking structure 
      functor, see [Pad98b], Definition 2.1 
      Explanation: Domain of arc-weights 

  Frame Body 
    — Parametrized net classes (Abstract Petri nets), see [Pad98a], Defini- 
      tion 3.5, or |P^dM| . Definition 3.3.1 
    — Firing rule, see [Pad98a], Definition 3.6 and [Pad96], Definition 3.3.2 
  Operations 
    Structuring 
      — Union, see Definition 4.5.6 
      — Fusion, see Definition 4.5.2 
      — Rule-Based Modification, 
        see EM, Definition 4.2.1 (Rules and Transformation) 
      — Rule-Based Refinement, 
        see EM, Section 4.3 (Q-Transformation) 
  Properties 
    Compatibilities 
      — Fusion and Union, see |Padi)6IMLY0| 
      — Rule-Based Modification and Rule-Based Refinement, 
        see [Pad96], Fact 4.3.3 (Induced Q-Transformations and 
        Pushouts in QCAT) 
      — Fusion and Rule-Based Modification, 
        see [EHKP91] (for transformation) 
      — Union and Rule-Based Modification, 
        see [EHKP91] (for transformation) 
      — Fusion and Rule-Based Refinement, 
        see EM, Fact 4.5.5 (for Q-Transformation) 
      — Union and Rule-Based Refinement, 
        see EM, Fact 4.5.10 (for Q-Transformation) 
      — Compatibility results for Parametrized net classes concerning par- 
        allel and sequential independent transformations, and horizontal 
        structuring and transformations, 
        see , Theorem 4.6.7 
        in detail: 
        — Local Church-Rosser I and II, see [EHKP91] (for transformation) 
          and [Pad96], Theorems 4.4.5 and 4.4.7 (for Q-Transformation) 
        — Parallelism Theorem, see [EHKP91] (for transformation) and 
          EM, Theorem 4.4.11 (for Q-Transformation) 
    Properties 
      — Preservation of Behaviour by Morphisms, 
        see EM, Theorem 3.3.5 
  Further Theoretical Aspects 
    — Morphisms of Parametrized Net Class, 
      see [Pad96], Definition 3.3.3 
    — Category of Parametrized Net Class, 
      see [Pad96], Fact 3.3.4 
    — Finite cocompleteness of Category of Parametrized Net Class, see 
      IME!, Theorem 3.3.6 



A.3 Actualization 

The actualization of an abstract Petri net frame (as defined in Section E3) is 
achieved by replacing the abstract mathematical entity described by the formal 
parameter by a concrete mathematical entity — the actual parameter. Oper- 
ations and properties given on the level of the abstract Petri net frame are 
propagated via actualization leading to a corresponding formal Petri net tech- 
nique. The core formalism of the formal Petri net technique can be enriched by 
further properties, aspects, or compatible operations to another formal Petri net 
technique such that the actualized formal Petri net technique is a subtechnique 
of the enriched one. 

Summarizing, actualization of an abstract Petri net frame is given by replace- 
ment of the formal parameters by the actual parameters. The resulting instance 
may be a subtechnique of some other formal Petri net technique which — in this 
case — is called related formal technique. 

The scheme for actualization below captures this description. 



Actualization 
  Abstract Petri Net Frame 
  Formal Parameters replaced by Actual Parameters 
  Resulting Instance 
  Related Formal Technique 

As an example for the instantiation of the scheme for actualization, we present 
an actualization of the abstract Petri net frame of parameterized net classes 
leading to a variant of algebraic high-level nets, called algebraic high-level net 
schemes (see [EEES|). Algebraic high-level net schemes do not include an ex- 
plicit algebra as given in algebraic high-level nets. Nevertheless, all operations 
and properties derived from the abstract Petri net frame can be lifted to alge- 
braic high-level nets as given in Section A.1. 

Actualization “Algebraic High-Level Net Schemes” 
  Abstract Petri Net Frame 
    Parametrized Net Classes, see |EB|, Example 3.5.1 
  Formal Parameters replaced by Actual Parameters 
    — Data structure ↦ Algebraic Specification 
    — Marking structure ↦ free commutative monoid 
    — Flow structure ↦ free commutative monoid 
  Resulting Instance 
    Algebraic high-level net schemes (without data model, see |EP1{,!14| ) 
  Related Formal Technique 
    Algebraic high-level nets (see Section D 

A.4 Transformations 

A transformation is a construction which transforms Petri nets of one Petri net 
type into nets of another type. In the Expert View transformations are defined for 
formal Petri net techniques or even on the level of abstract Petri net frames, such 
that an actualization leads to a transformation of formal Petri net techniques. 
Transformations are essential for Petri net techniques, because they realize the 
transfer from one formal Petri net technique to another one within the process 
of system development. 

An important aspect of a transformation concerns the transfer of operations on 
Petri nets from the source to the target type. Full compatibility with techniques 
would mean that every operation in the source technique is compatible with a 
corresponding one in the target technique. This cannot be expected in general, 
so that compatibility has to be stated explicitly. 

Corresponding to the above description the following scheme captures transfor- 
mations where the scheme also includes compatibility with other transformations 
and further properties. 



Transformation 
  Source 
  Target 
  Definition 
  Compatibility with Techniques 
  Compatibility with other Transformations 
  Further Properties 

In the sequel we are going to discuss the transformation flattening and show 
how it can be obtained by instantiation of the transformation scheme. 



Flattening of algebraic high-level nets is described by a functor Flat : AHL → 
PT from the category AHL of algebraic high-level nets to the category PT 
of place/transition nets, see [EPR94], Fact 3. Each algebraic high-level net is 
mapped to a place/transition net while preserving the behaviour. The data el- 
ements on places in the high-level net are coded into places of the low-level 
net. Analogously, the transitions together with consistent variable assignments 
in the high-level net are flattened to transitions in the low-level net. Note that 
this transformation has also been studied in [Lil95], where it is called unfolding. 
Although the source of unfolding is based on slightly different algebraic high- 
level nets, results of [Lil95] clearly can be adapted to the (core formalism of the) 
formal Petri net technique presented in Section 17m. Performing first the folding 
construction and subsequently the inverse construction of unfolding leads to an 
isomorphic place/transition net0. 

The corresponding Lemma 2.1.16 in [Lil95] obviously can be transferred to the 
notion of algebraic high-level nets as considered here. 

Transformation “Flattening of Algebraic High-Level Nets” 
  Source 
    Algebraic High-Level Nets (see Section A.1) 
  Target 
    Place/Transition Nets 
  Definition 
    Flat : AHL → PT is a construction from the category AHL of alge- 
    braic high-level nets to the category PT of place/transition nets, as given in 
    (EEH23, Fact 3 
  Compatibility with Techniques 
    Behavior equivalence, see EBEna, Fact 3 
  Compatibility with other Transformations 
    Flat(G(N)) ≅ N, for a place/transition net N analogously to EM] , Lemma 
    2.1.16, where G : PT → AHL is a folding functor 
  Further Properties 
    Flat is a functor, see [EPR94], Remark to Fact 3 
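
The flattening construction described in Section A.4, as an added illustration that is not part of the volume and is not the functor Flat from the cited papers: it assumes a finite carrier set and uses Python functions in place of terms over an algebraic specification, and the net, its place names and its transition names are constructed. Data elements on places become places of the low-level net, transitions with consistent assignments become low-level transitions, and the reachable markings of both nets are compared on this one net.

```python
from collections import Counter
from itertools import product

# Constructed high-level net (not from the volume). One finite sort "num";
# arc inscriptions are Python functions of the variable assignment.
DOMAIN = {"num": [0, 1, 2]}
PLACES = {"a": "num", "b": "num", "c": "num"}            # place -> sort
TRANSITIONS = {
    # name: (variables -> sort, firing condition, pre arcs, post arcs)
    "add": ({"x": "num", "y": "num"}, lambda v: v["x"] != v["y"],
            [("a", lambda v: v["x"]), ("b", lambda v: v["y"])],
            [("c", lambda v: (v["x"] + v["y"]) % 3)]),
    "recycle": ({"z": "num"}, lambda v: True,
                [("c", lambda v: v["z"])],
                [("a", lambda v: v["z"])]),
}
INITIAL = {"a": Counter([0, 1]), "b": Counter([1, 2]), "c": Counter()}


def assignments(variables):
    """All assignments of the variables to values of their sorts."""
    names = sorted(variables)
    for values in product(*(DOMAIN[variables[n]] for n in names)):
        yield dict(zip(names, values))


def flatten():
    """Build the P/T net: places are (place, value) pairs, transitions are
    (transition, consistent assignment) pairs with fixed pre/post multisets."""
    pt_places = [(p, d) for p, sort in PLACES.items() for d in DOMAIN[sort]]
    pt_transitions = {}
    for name, (variables, cond, pre, post) in TRANSITIONS.items():
        for asg in assignments(variables):
            if cond(asg):      # assignments violating the condition are dropped
                key = (name, tuple(sorted(asg.items())))
                pt_transitions[key] = (
                    Counter((p, term(asg)) for p, term in pre),
                    Counter((p, term(asg)) for p, term in post))
    return pt_places, pt_transitions


def pt_successors(marking, pt_transitions):
    """Ordinary P/T firing on a multiset of flat places; no data involved."""
    for pre, post in pt_transitions.values():
        if all(marking[q] >= n for q, n in pre.items()):
            nxt = Counter(marking)
            nxt.subtract(pre)
            nxt.update(post)
            yield +nxt         # unary plus drops places with zero tokens


def hl_successors(marking):
    """High-level firing: pick an assignment, evaluate arc terms, move tokens."""
    for variables, cond, pre, post in TRANSITIONS.values():
        for asg in assignments(variables):
            need = Counter((p, term(asg)) for p, term in pre)
            if not cond(asg) or any(marking[p][d] < n
                                    for (p, d), n in need.items()):
                continue
            nxt = {p: Counter(tokens) for p, tokens in marking.items()}
            for (p, d), n in need.items():
                nxt[p][d] -= n
            for p, term in post:
                nxt[p][term(asg)] += 1
            yield nxt


def encode(marking):
    """Code a high-level marking as a marking of the flat net."""
    return Counter({(p, d): n for p, tokens in marking.items()
                    for d, n in tokens.items() if n > 0})


def freeze(counter):
    """Hashable form of a flat marking."""
    return frozenset(counter.items())


def reachable(initial, successors, key):
    """Set of reachable markings, each normalised to a hashable key."""
    seen, todo = {key(initial)}, [initial]
    while todo:
        for nxt in successors(todo.pop()):
            if key(nxt) not in seen:
                seen.add(key(nxt))
                todo.append(nxt)
    return seen


def behaviour_matches():
    """True if the high-level net and its flattening reach the same markings."""
    _, pt_transitions = flatten()
    high = reachable(INITIAL, hl_successors, lambda m: freeze(encode(m)))
    flat = reachable(encode(INITIAL),
                     lambda m: pt_successors(m, pt_transitions), freeze)
    return high == flat


if __name__ == "__main__":
    places, transitions = flatten()
    print(len(places), "places,", len(transitions), "transitions,",
          "behaviour preserved:", behaviour_matches())
```

The six "add" transitions of the flat net are the assignments with x != y; the three assignments that violate the firing condition produce no low-level transition at all.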

Abstract. An enormously rich variety of Petri net concepts, techniques, 
and methods as well as various tools and tool environments has been de- 
veloped to support the process-driven system development. But, system 
development under the use of Petri nets is still difficult since the one 
which best fits the application cannot be identified easily. 

In this paper an application-oriented assistance approach is introduced 
which helps application developers to find the “right” Petri net variant, 
tool, technique, and development method for specific development tasks. 
It is based on the »Petri Net Baukasten«, more especially on its Ap- 
plication Developer View and its Common Base. Both are explained in 
detail. 



1 Introduction 

Petri nets are used in various application domains like workflow management 
and production automation to model, assess, and implement the behaviour of 
distributed systems. They originate in the Ph.D. thesis of Carl Adam Petri in 
1962 1^. Various additional concepts have been added to support the modeling 
of different system aspects and capabilities to assess and implement the mod- 
eled system behaviour have been developed. This has led to an enormously rich 
variety of Petri net concepts, techniques and development methods as well as to 
various tools and tool environments that still cannot be used effectively. Using 
Petri nets is still difficult since the Petri net variants, techniques, methods, and 
tools best fitting the respective development task cannot be identified easily. For 
this reason, improving the usability of Petri nets by assistance is strongly 
needed by application developers to find the “right” one. 

Tool surveys are usually used by application developers to find a Petri net tool 
fulfilling specific requirements. The most user-friendly and current source of in- 
formation on Petri net tools are the tool databases publicly accessible in the 
World Wide Web (WWW) at piT2j . In this paper we present an assistance ap- 
proach to additionally support application developers in finding suitable Petri 
net variants, techniques, and methods. This approach is part of the »Petri 
Net Baukasten«, which has been developed by the research group Petri Net 
Technology in Berlin, see further information at 
http://www.informatik.hu-berlin.de/PNT/. 

* This work is part of the joint research project “DFG-Forschergruppe Petri Net 
Technology” between H. Weber (Coordinator), H. Ehrig (both from the Technical 
University Berlin), and W. Reisig (Humboldt University Berlin), supported by the 
Deutsche Forschungsgemeinschaft (DFG). 

H. Ehrig et al. (Eds.): Unifying Petri Nets, LNCS 2128, pp. 54-|7^ 2001. 
© Springer-Verlag Berlin Heidelberg 2001 

The »Petri Net Baukasten« has been developed in order to enable a more 
straightforward understanding of Petri nets and their many variants. It takes net 
concepts and theories, tool support, and application of Petri nets into considera- 
tion. This is reflected in three different views upon Petri nets: the Expert View, 
the Tool Developer View, and the Application Developer View. A semi-formal 
Petri net classification is used to build the Common Base of these three views. 
It is a hierarchically structured representation of Petri net variants and their 
specialization/generalization relationships. The Expert View gives a precise de- 
scription of Petri nets in formal and constructive terms while the Tool Developer 
View helps to develop Petri net tools, thus enabling the practical use of Petri nets 
(modeling, analyzing, etc.). The Application Developer View provides informa- 
tion which helps practitioners of different application domains to understand the 
use of Petri nets and to find the “right” Petri net variants, tools, techniques, and 
development methods for their development tasks. A more detailed description 
of the »Petri Net Baukasten« approach and its Expert View can be found in 
0 of this volume. A further paper of this volume discusses the Tool Developer 
View [2]. The Application Developer View and the Common Base are important 
to our assistance approach for application developers and are described in the 
corresponding sections of this paper. 

This paper is organized as follows: in Section 2 we describe the Petri net 
classification in the Common Base of the »Petri Net Baukasten«. We explain 
its object-oriented description, discuss the principles used to construct it, and 
document its structural model. In Section 3 we present our understanding of 
assisted application development. We define notions like process model, method, 
and technique to explain our objectives and use cases of assisted application 
development. In Section 4 we describe the Application Developer View of the 
Petri net classification. We explain its structural model and its relationship to 
the Common Base which enables the assistance of application developers. In 
Section 5 we describe the system architecture and the repository of an assistance 
system supporting application developers according to the discussed assistance 
approach. 



2 The Common Base of the »Petri Net Baukasten« 

The central part of the »Petri Net Baukasten« and our assistance approach is 
the so-called Common Base. It encompasses all Petri net variants and places them 
into a common scheme, thus defining the relationship between the Petri net 
variants. The three different views on Petri nets called Application Developer 
View, Expert View, and Tool Developer View are integrated by referring to this 
scheme. 




Herbert Weber, Sabine Lembke, and Alexander Borusan 




Fig. 1. Object-oriented description of Petri net variants 




Fig. 2. Generalization/specialization of Petri net types 



It is proposed that the Common Base be structured as simply as possible 
and be understandable for application developers, tool developers, and Petri net 
experts alike. The structuring concept considered to be simple enough and still 
powerful enough to capture the different properties of the many Petri net variants 
is borrowed from software engineering. The structuring scheme for the Common 
Base is object-oriented and described in Section 2.1. It is defined by relationships 
of specialization/generalization between the different Petri net variants which are 
represented by so-called Petri net types. The scheme represents the more simple 
Petri net types at the top and the more specific ones below. 

The principles used to construct the hierarchy of Petri net types called Petri 
net classification are described in Section 2.2. The structural model of the Com- 
mon Base comprising the structuring scheme introduced in Section 2.1 and tak- 
ing the described principles into consideration is explained in Section 2.3. 

2.1 Object-Oriented Description 

The object-oriented semi-formal description that is going to be used here intro- 
duces variants of Petri nets as objects and characteristics associated with Petri 
net variants as characteristics of objects, see Fig. 1. Such objects are called Petri 
net types in the following. 

The classification of Petri net types and hence the classification of Petri net 
variants is based on the set of characteristics of Petri net types. Especially, Petri 
net types that have characteristics in common are considered as generalizations 
or specializations respectively, see Fig. 2. 

A Petri net type T1 is considered a generalization of a Petri net type T2 if it 
carries a subset of the characteristics of T2. Vice versa, T2 is a specialization of 
T1 if it carries all characteristics of T1 and one or more further characteristics. 

Fig. 3. Hierarchical order of Petri net types; Tg represents the most simple Petri net 
type and W. -- represents the specialization j,k of the degree i 



Petri net types classified according to that classification scheme must hence have 
at least one common characteristic. This classification concept is considered to 
be appropriate for the classification of Petri net variants since all of them are 
expected to carry at least the characteristics of being a Petri net. 

Classification based on sets of characteristics can be brought into a hierar- 
chical order. The set of characteristics associated with every Petri net type on 
level i is a superset of the set of characteristics associated with the Petri net 
type on level i - 1, see Fig. 3. 

In analogy to the common notions in object-oriented techniques, a hierarchy 
of that kind is called inheritance hierarchy since it depicts the inheritance of 
characteristics from top to bottom. Inheritance hierarchies do not need to be 
trees as depicted above, but may be acyclic directed graphs. 

Petri net variants may be represented as inheritance hierarchies. For that 
purpose characteristics of Petri nets are ordered from “most basic” character- 
istics to “supplementary” characteristics of any degree. This ordering can be 
achieved through the selection of characteristics of interest for the respective 
classification level out of the larger set of possible characteristics. The selection 
of characteristics of interest happens in accordance with a separation of concerns. 
A first upgrading level of the hierarchy of Petri net types also called Petri net 
classification is introduced in 

2.2 Construction of the Petri Net Classification 

The construction of the Petri net classification is based on similar concepts and 
follows similar principles as the construction of class hierarchies in UML |S|. 
Nonetheless, the construction of the Petri net classification is more restricted. 
Therefore, we will explain the concepts and principles used in more detail in the 
following. 

The following specialization principles have been used for the systematic 
construction of the Petri net classification: 

— adding a new characteristic, 

— limiting the type of a characteristic which has been introduced on a lower 
specialization level¹, 

— assigning a value to a characteristic which has been introduced and typed 
on a lower specialization level (value assignment), 

— defining the value of a characteristic more precisely by another characteristic 
(value nesting), and 

— the specialization of more than one Petri net type by another Petri net 
type, possibly also using any of the other principles given above (multiple 
inheritance). 

¹ A lower specialization level is placed at the top of the hierarchy. Accordingly, a 
higher specialization level is placed further down in the hierarchy. 

Fig. 4. Specialization example according to the different marking structure of places of 
Petri nets 

An example for the first three specialization principles is given in Figure 4. 
Here, we are focusing on the uniMarkingStructure characteristic introduced in 
the second level. Petri net type 1.4 is specialized by Petri net type 1.4.1, which 
adds this new characteristic. Specialization by limiting the type and assigning 
values takes place by repeating the characteristic of the superior Petri net type. 
The type of the characteristic uniMarkingStructure is limited to an enumeration 
type with the elements sets and multisets by the Petri net type 1.4.1.1, and, 
respectively, to an enumeration type with the elements fifo and lifo by the Petri 
net type 1.4.1.2, see the third level of Fig. 4. A concrete value is assigned in 
the fourth level. 

If a value of a characteristic has to be described more precisely in the adjacent 
level then this could be done by adding a new characteristic. But, in order to 
depict the dependencies between both characteristics without introducing new 
suitable characteristic names, the value name of the assigned value in the higher 
generalization level is used as the characteristic name in a further specialization 
level. Thus, this new characteristic can be specialized again on further levels. 
This principle is called value nesting and is illustrated in Fig. 5. 

The characteristics of two or more Petri net types can be combined, if the 
last specialization principle is used. This is a useful principle for describing more 
specialized Petri net types again by reuniting the various specialization paths. 
An example of multiple inheritance is depicted in Fig. 6. The Petri net type C/E 
like Nets inherits all characteristics of the Petri net types 1.2.1.1 and 1.1.1.2. 

Fig. 5. Example of specialization using the principle of value nesting 

Fig. 6. Example of specialization using the principle of multiple inheritance 



2.3 The Structural Model of the Common Base 

The structural model of the Common Base, depicted as a UML class diagram in 
Fig. 7, is described in the following. 



Petri Net Classification. The foundation of the Common Base is the Petri net 
classification, which comprises the representation of various Petri net variants, 
called Petri net types. Only one Petri net classification with one root as an entry 
point is present in the Common Base. The entry point is a Petri net type which 
at least contains the characteristics of being a Petri net. 



Petri Net Types. All Petri net types of the Petri net classification are iden- 
tified by their classification name, a decimal name such as 1.4-1^ see Fig. El 
Additionally, a Petri net type can have a more understandable name such as 
C/E like Nets, see Fig. 6. A Petri net type can specialize other Petri net types 
and can be specialized itself by other Petri net types. This is described by the re- 
lationship specializes in Fig. 7. A Petri net type is a root if it does not specialize 
other Petri net types. It is a leaf if it is itself not specialized. Characteristics of a 
Petri net type are either inherited from its ancestors or owned. Characteristics 
of Petri net types themselves can either be newly introduced or specializations 
of their ancestors’ characteristics. Every Petri net type holds indicators of ref- 
erences from the Application Developer View and/or the Tool Developer View 
and/or the Expert View, if relationships among these exist, see corresponding 
attributes of PetriNetType in Fig. 7. The relationships between the Application 
Developer View and the Common Base are explained in more detail in Sec- 
tion 4.2. The relationships among the other views and the Common Base are 
sketched in Section 5. 

[Class diagram: PetriNetClassification (version : VersionNumber, lastUpdated : Date); 
ClassificationGlossary; PetriNetType (classificationName : DecimalName, name : Name, 
/ isLeaf : Boolean, / isRoot : Boolean, existsFormalTechnique : Boolean, 
existsToolSupport : Boolean, existsApplicationDomain : Boolean); Characteristic 
(name : Name, isMultiValued : Boolean, / isTyped : Boolean, / isAssigned : Boolean, 
/ isIntroduced : Boolean). Association labels: pn-classifiction, specializes, 
/specializes, own_characteristics, /characteristics.] 

Fig. 7. Class diagram of the Common Base 



Characteristics. In UML, an attribute is the named property of a class that 
describes a range of values a property may hold. In our Petri net classification, 
an attribute is called a characteristic and is related to a Petri net type, since it 
represents a characteristic property of a Petri net variant, see class Character- 
istic in Fig. 7. A characteristic of a Petri net type can be typed and assigned a 
value. The types used to describe the range of a characteristic are user-defined 
types consisting of several elements such as enumeration types. The possible 
values of a characteristic are elements of a certain type. A characteristic can be 
specialized by another characteristic of specialized Petri net types according to 
the principles described in Section 2.2. Furthermore, the value of a characteristic 
can be described more precisely by characteristics of more specialized Petri net 
types in accordance with value nesting as described in Section 2.2. We are not 
concerned with operations (like add_place, delete_transition, ...) of the Petri net 
types, but rather with their ability to support Petri net operations such as verifi- 
cation, analysis, etc. These capabilities are characteristic properties of the Petri 
net type and therefore described as attributes or, respectively, as characteristics. 



Classification Glossary. A further component of the Common Base is a classi- 
fication glossary comprising various items giving informal explanations of terms 
used in the Petri net classification. 

3 Assisted Application Development 

The engineering-like development of application systems is always driven by a 
specific paradigm, e.g. a process-driven, an object-driven, or a function-driven 
paradigm. A whole variety of development techniques, methods, and tools exist 
for supporting the most diverse development paradigms. Hence, application de- 
velopers require support in order to be able to carefully choose suitable ones for 
a particular application development. 

Petri nets support process-driven application development, for example. Nonethe- 
less, the rich variety of Petri net variants makes it difficult for those who are 
not Petri net experts to find the suitable Petri net variant, Petri net tool, and 
development method for a particular development task. Therefore, we have to 
support the application of Petri nets more specifically, since there is no single 
Petri net variant, tool, and method that is right for the wide range of 
development tasks. 

The outstanding feature of Petri net variants comprising a large number of 
language concepts is their higher and more compact expressive power. On the 
other hand, when such Petri net variants are applied we often lose benefits of 
using Petri nets such as the capability to be analyzed. Using Petri net 
variants comprising fewer language concepts often leads to extensive Petri nets 
with reduced clarity and manageability. Nonetheless, there are often possi- 
bilities to assess the behaviour of resulting Petri nets like place or transition 
invariant analysis. But they are lost as soon as more complex Petri net vari- 
ants are used. A similar situation arises when searching for a suitable Petri net 
tool. These differ in the supported Petri net variant, in terms of availability 
(free, commercial), functionality, etc. Moreover, application developers require 
support in methodical development with Petri nets. In particular, they require 
such methods which take the special characteristics of particular application 
domains into consideration. Finally, providing proposed solutions to particular 
application-oriented problems, such as Petri nets solving the mutual exclusion 
of two workflow activities, can reduce the amount of development work. The ap- 
plication of Petri nets would become easier and faster. In each case, application 
developers must weigh up the pros and cons as pertaining to the requirements 
of a particular development task before the correct decision can be made. 

Assisted application development builds a bridge between the world of prac- 
tice and the Petri net theory, making Petri nets more usable for application 
development. We intend to make it easier for practitioners of different appli- 
cation domains to understand the use of Petri nets. For this purpose, we will 
take objectives and aspects of several application domains into consideration. 
We want to provide information which allows application developers to make 
the best choice in different situations. 

In Section 3.1 we will clarify some important notions which will be used 
in the following. Afterwards, we will explain the several objectives of assisted 
application development, see Section 3.2. Use cases of assisted application de- 
velopment in accordance with our opinion are described in Section 3.3. 

3.1 Notions 

Some of the notions in our paper, especially “method” and “technique”, are used 
in different ways in the literature. We have tried to remain in accordance with 
the existing interpretations of these notions. Nevertheless, as much as possible, 
we consider it necessary to explain our understanding of these and other notions 
at this point. The relationships between these notions (process model, method, 
technique, language, and procedure) are illustrated in Fig. 8. This illustration 
is derived from an illustration in jOl p.l40] and takes additionally the notion 
technique into consideration. 

Process Model. A process model is an instrument for organizing the de- 
velopment process. The particular activities (their order) can be organized in 
phases, on abstraction levels, in cycles (circular or spiral-shaped) or in stages of 
development. One can distinguish between result- (results are fixed) and activity- 
oriented (development activities are fixed) process models. A process model is 
described by a net of activity and result types as well as by conditions for tran- 
sitions between activity and result types. 



(Petri Net) Method. Each development process is a constructive and en- 
gineering-like process. This kind of creative activity cannot be prescribed by 
recipes and fixed solutions. Nonetheless, creative activities can be guided in the 
right direction by methodical rules. In other words, each method represents a 
more or less rough frame in order to formalize the development process or parts 
of it². In 0, a method “is an orderly arrangement, development, or classifica- 
tion.” A method is explained as a “plan” and “the habitual practice of orderli- 
ness and regular”. It “implies an orderly logical effective arrangement usually in 
steps”. We define methods as the application and problem-oriented orderliness 
to produce results within a development process. Methods can comprise several 
techniques and cover more than one phase within a process model. 

In this paper we consider development methods based on the use of Petri 
nets. Therefore, we also call them Petri net methods (short for Petri net-based 
development methods). 



(Petri Net) Technique. In [Z|, a technique is “the manner in which technical 
details are treated (as by a writer) or basic physical movements are used (as by 
a dancer)”. It is also the “ability to treat such details or use such movements 
(good piano technique).” It is also explained as “a method of accomplishing 
a desired aim”. We define techniques as a means to produce results within a 
development process. They comprise a language for representing development 
results as well as a (development) procedure prescribing the sequence of steps 
leading to a result. As compared to methods which support certain development 
phases, techniques are universal and may be used in several development phases. 
Thus, a technique can be an element of several methods. In this paper we consider 
techniques which use Petri nets as a language. Thus, they are called Petri net 
techniques. In the »Petri Net Baukasten« a Petri net technique is built up by a 
consistent set of Petri net types, a (development) procedure, a formal Petri net 
technique describing its formal foundation, and Petri net tools that enable its 
application. Further details are explained in paper in this volume. 



3.2 Objectives 

Assisted application development pursues several objectives, which we will ex- 
plain in the following. 

² Compared with languages, methods are less prescriptive. There is a lack of methods. 

Application Orientation. A main objective of assisted application develop- 
ment is application orientation. Application orientation is realized by introduc- 
ing an application domain specific interpretation of Petri net notions. In our 
opinion, application developers can relate to the world of Petri nets more easily 
and quickly using familiar technical terms from their own application domain. 
Therefore, technical terms of particular application domains are mapped to Petri 
net notions. For example, the technical terms in the area of business process 
modeling are business process, process activity and so-called roles which denote 
responsibilities. 



Problem Orientation. Each application development of a certain application 
domain is characterized by its own problems which need to be examined. For 
example, business process modeling concentrates on the modeling of existing 
business processes within a certain enterprise. The typically modeled applica- 
tion aspects are business processes with particular process activities, the logical 
order between these process activities, responsibilities etc. Distribution and time 
consumption of business processes may be additional application aspects which 
have to be taken into consideration. The purpose of business process modeling 
may vary from pure documentation and analyzing to suggestions to improve ex- 
isting processes. Assisted application development should therefore not only deal 
with the several application domains but also with the several typical problems 
in certain application domains. 



Method Orientation. In the literature Petri nets are mainly described as a 
language for process modeling. In other words, the language concepts and 
their syntax, i.e. their graphical notation, are mainly discussed. Development 
methods explaining the usage of Petri nets in application development processes 
have not been examined and documented enough. The usage of Petri nets in 
application development can become more effective if development methods are 
made available since these allow application developers to orientate themselves 
within their own development processes and thus make their work easier. 



Solution Orientation. A good assisted application development should make 
standard and sample solutions available in order to reduce the time needed 
for development activities. It should be able to integrate such solutions into 
the developer’s own work and to adapt them if necessary. Standard and sample 
solutions may be independent of applications, e.g. a mutex algorithm, a protocol 
which realizes mutual exclusion. Moreover, standard and sample solutions may 
be application specific. 



Tool Orientation. Modern application development doesn’t work without suit- 
able tool support during most phases of a development process. Therefore, as- 
sisted application development only makes sense if it provides suitable tools for 
application developers which support certain Petri net techniques, methods, etc. 

Fig. 9. Use case: select a Petri net technique 



Need Orientation. Assisted application development shall be need-oriented in 
accordance with the concrete requirements of a certain application development 
process. Especially the assistance (selection of methods, techniques, tools, sample 
solutions) should follow the principle of you only get what you really need. Let us 
take the example of an application developer looking for a Petri net type which 
supports a certain set of language concepts. In this case, those Petri net types 
take a prime position which comprise only the required language concepts or 
a few more. 
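
The set-based classification of Sections 2.1 to 2.3 and the need-oriented ranking described above can be sketched in Python. This is an added example, not code from the paper or the »Petri Net Baukasten«: class and function names, the characteristics petriNet, marking, conditions and events, the type 1.4.1.1.1 and the PLACEHOLDER classification name are constructed assumptions, while uniMarkingStructure, its values and the other decimal names are taken from the text.

```python
from dataclasses import dataclass, field

UNTYPED = None  # characteristic introduced, value range not yet limited


@dataclass(eq=False)
class PetriNetType:
    classification_name: str                  # decimal name such as "1.4.1"
    own: dict = field(default_factory=dict)   # name -> frozenset of values, or UNTYPED
    parents: tuple = ()                       # more than one parent = multiple inheritance
    name: str = ""                            # optional readable name
    children: list = field(default_factory=list, repr=False)

    def __post_init__(self):
        inherited = self._inherited()
        for cname, rng in self.own.items():
            old = inherited.get(cname, UNTYPED)
            # Limiting a type or assigning a value may only narrow an inherited range.
            if old is not UNTYPED and (rng is UNTYPED or not rng <= old):
                raise ValueError(f"{self.classification_name}: {cname} leaves {sorted(old)}")
        for parent in self.parents:
            parent.children.append(self)

    def _inherited(self):
        merged = {}
        for parent in self.parents:
            for cname, rng in parent.characteristics.items():
                seen = merged.get(cname, UNTYPED)
                if seen is UNTYPED:
                    merged[cname] = rng
                elif rng is not UNTYPED:
                    merged[cname] = seen & rng   # typed on both paths: intersect
        return merged

    @property
    def characteristics(self):
        """Inherited characteristics overlaid with those owned at this level."""
        return {**self._inherited(), **self.own}

    @property
    def is_root(self):
        return not self.parents

    @property
    def is_leaf(self):
        return not self.children

    def is_assigned(self, cname):
        rng = self.characteristics.get(cname, UNTYPED)
        return rng is not UNTYPED and len(rng) == 1


def is_generalization(t1, t2):
    """Section 2.1: T1 generalizes T2 if it carries a subset of T2's characteristics."""
    return set(t1.characteristics) <= set(t2.characteristics)


def select_types(types, required):
    """Need orientation: types with all required characteristics, fewest extras first."""
    required = set(required)
    hits = [t for t in types if required <= set(t.characteristics)]
    return sorted(hits, key=lambda t: (len(set(t.characteristics) - required),
                                       t.classification_name))


def build_sample():
    """Constructed sample; intermediate levels of 1.2.1.1 and 1.1.1.2 are omitted."""
    ums = "uniMarkingStructure"
    root = PetriNetType("1", {"petriNet": UNTYPED})
    t14 = PetriNetType("1.4", {"marking": UNTYPED}, (root,))
    t141 = PetriNetType("1.4.1", {ums: UNTYPED}, (t14,))                       # new characteristic
    t1411 = PetriNetType("1.4.1.1", {ums: frozenset({"sets", "multisets"})}, (t141,))  # type limited
    t1412 = PetriNetType("1.4.1.2", {ums: frozenset({"fifo", "lifo"})}, (t141,))
    t14111 = PetriNetType("1.4.1.1.1", {ums: frozenset({"multisets"})}, (t1411,))      # value assigned
    a = PetriNetType("1.2.1.1", {"conditions": UNTYPED}, (root,))
    b = PetriNetType("1.1.1.2", {"events": UNTYPED}, (root,))
    ce = PetriNetType("PLACEHOLDER", {}, (a, b), name="C/E like Nets")
    return {t.classification_name: t
            for t in (root, t14, t141, t1411, t1412, t14111, a, b, ce)}


if __name__ == "__main__":
    sample = build_sample()
    for t in select_types(sample.values(), {"petriNet", "marking"}):
        print(t.classification_name, sorted(t.characteristics))
```

Type 1.4 is ranked first for the request {petriNet, marking} because it carries no surplus characteristic; its specializations follow with one extra each.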



Multiple-way Orientation. Assisted application development should be pro- 
vided by several assistance variants in order to provide the right development 
method, the right Petri net technique, the right Petri net type, the right tool 
or the right sample solution. All of these variants should be realized by several 
assistance methods, such as prescriptive, navigative or descriptive assistance 
methods. These allow every application developer to choose a suitable type of 
assistance. 

3.3 Use Cases 

In this section, we describe several use cases of assisted application development. 
The main use cases focus on selecting a suitable Petri net technique, Petri net 
method, Petri net type, Petri net tool, or sample solution. 



Select a Petri Net Technique. The use case select a Petri net technique 
outlines the assistance variant for finding a suitable Petri net technique. A Petri 
net technique can be selected in different ways, for example by using a form- 
based or an overview-based search, compare Fig. 9. If application developers use 
a form-based search then they can specify required characteristics of a Petri net 
technique in predefined boxes. An example of a form-based search is depicted 
in Fig. 10. This form enables application developers to find a suitable Petri 
net technique by keywords specifying its intended objective, application domain 
and its underlying Petri net type. Petri net techniques fulfilling the specified 
characteristics are determined automatically and offered to the application de- 
velopers. For example, the found Petri net techniques are represented as depicted 
in Fig. 11. Before application developers select their suitable Petri net technique 
from the offered set, they may use several pieces of information about it, like 
information about the application domain, its objective, the underlying Petri net 
type, or the essentials of its procedure. Moreover, they may use its informal 
description, the so-called technique guide, or its formal foundation. Last but not 
least, a suitable Petri net tool supporting the preferred Petri net technique is 
selected. 

Fig. 11. Presentation of the determined suitable Petri net techniques 



Select a Petri Net Method. The use case select a Petri net method outlines 
the assistance variant for finding a suitable Petri net-based development method. 
Similarly as described above, a Petri net method can also be selected in different 
ways, compare Fig. 12. The form-based search is similar to the form-based search 
described and depicted above, see Fig. 10. It allows search over objectives, appli- 
cation domains and covered development phases (analysis, design, etc.) of Petri 
net methods. An example of an overview-based search is depicted as a further 
possibility to find a suitable Petri net method in Fig. 13. Here, application de- 
velopers can select a preferred kind of an overview, for example a phase-related 
overview of Petri net methods. In this overview the existing Petri net methods 
are sorted according to their covered phases, for example pure analysis meth- 
ods, pure design methods, etc. A further overview may sort Petri net methods 
according to their intended application domain. 

Improving the Usability of Petri Nets with the »Petri Net Baukasten« 

Fig. 12. Use case: select a Petri net method 

Overview of Petri Net Methods 
Kind of Overview: Phase-related Overview 
Subset: Pure Analysis Methods 
Petri Net Methods: Petri net method AM2, Petri net method AM4 
Method Guide | Tool Selection 
Information about the selected Petri net method: 
Objective: Business Process Modeling 
Covered Phases: Analysis 
Application Domain: Logistics 
Languages: Petri net type P1 
Techniques: Modeling technique MT1 
Abstract: ... 

Fig. 13. An overview to select a Petri net method 

Application developers can use different information about each offered Petri 
net method, for example its intended objective, its covered phases, its underly- 
ing languages, and techniques. Additionally, they may also consult the method 
guide before selecting their suitable Petri net method. Finally, application de- 
velopers select tools which enable the application of the selected method. 

Select a Petri Net Type. The use case select a Petri net type outlines the 
assistance variant for finding a suitable Petri net type which fulfills the require- 
ments of a particular application development process. It is specialized by several 
use cases which reflect several assistance methods for finding a suitable Petri net 
type. These may be select a Petri net type by checklist, select a Petri net type 
by navigation etc., compare Fig. 14. The navigation-based use case enables the 
selection of Petri net types by navigation through the Petri net classification 
described in Section 2. The checklist-based use case lists application-oriented 
aspects of a certain application domain as sketched in Fig. 15. We provide dif- 
ferent checklists for different application domains. The application-oriented as- 
pects are grouped in modeling-, assess-, and implementation-related aspects. For 
example, a checklist of business process modeling comprises modeling-related 
aspects like data/document specification, activity specification, role specifica- 
tion, time consumption, etc., assess-related aspects like critical path analysis, 
simulation, etc., and non implementation-related aspects. Thus, application de- 
velopers can choose the most relevant aspects for their application purpose. Fol- 
lowing this, Petri net types are determined automatically, supporting language 
concepts needed for dealing with the selected application-oriented aspects. The 
found Petri net types are offered to application developers like found Petri net 
techniques in Fig. 11. 

Application developers can use different information about a certain Petri 
net type, for example its intended application domains, its informal and its 
formal description. Finally, application developers select tools which enable the 
application of the selected Petri net type. 

Select a Petri Net Tool. The use case select a Petri net tool has been already 
mentioned in all use cases described above. It supports application developers 
in selecting suitable Petri net tools which enable the application of a Petri net 
technique, method, or type selected before. The selection of a Petri net tool to 
enable the application of a Petri net technique and the selection to enable the 
application of a Petri net method differ a little from the selection to enable the 
application of a Petri net type. But in all cases, application developers may use 
information about a Petri net tool and download it, compare Fig. 17. 

Fig. 16. Presentation of the determined suitable Petri net types 

Let us take a closer look at selecting a Petri net tool to enable the application of
a Petri net method or Petri net technique. The application of a Petri net method
or Petri net technique can be enabled by a certain set of Petri net tools which are
integrated into a workbench or by a certain Petri net-based development environment.
In both cases, underlying Petri net types and several modeling, assess, or
implementation functionalities required by a certain Petri net method or Petri
net technique have to be supported. Such tools or tool sets are recommended to
application developers as depicted in Fig. 18.

Fig. 18. Overview of recommended Petri net tools

Application developers may use information about a selected tool recommendation,
for example about the required operating system (e.g. UNIX) or the
purpose of a single tool (e.g. supports modeling), and about a selected single
tool of a tool recommendation, for example about its usage costs or its usability. 
Such information explained in j1 1 j as technical-functional criteria and socially- 
assessable criteria enable application developers to select the suitable tool or 
tool set for their development task. Application developers can also define such 
criteria as further requirements for suitable tool or tool sets. If application de- 
velopers have identified a suitable tool or tool set they can download/order it 
from its supplier. 

The selection of a Petri net tool to enable the application of a certain Petri
net type additionally comprises the specification of the required functionality. In
the cases described above, the required functionality is already determined by
the Petri net technique or method. In this case, application developers themselves
determine the required modeling, assessment, and implementation functionality
to enable the application of the Petri net type selected before.



Fig. 19. Use case: select a sample solution

Select a Sample Solution. The final use case described here is intended for
finding the proposed solutions suitable for fulfilling the requirements of a certain
application development. It is called select a sample solution and is shown in
Fig. 19. Basically, a sample solution can be selected in different ways, for example
by a form-based or an overview-based search. If a form-based search is
used then application developers can specify required characteristics of suitable 
sample solutions similar to the form-based search described for the selection of a 
Petri net technique or the selection of a Petri net method, compare Fig. El It en- 
ables application developers to find suitable sample solutions by their objectives, 
application domains, and their underlying Petri net types. 

The overview-based search offers several kinds of overviews of sample solutions,
for example an application domain specific overview. Such an overview
sorts sample solutions according to their intended application domain. It is similar
to the overview-based search for select a Petri net method described above,
see also Fig. El 

Before application developers select a certain sample solution to integrate it 
within their own application development they can use information about it, for 
example about the solved problem or the underlying Petri net type, and can 
consult the so-called solution guide for details. 



4 Application Developer View 

In this section, we will explain the structural model of the Application Developer 
View of our »Petri Net Baukasten« introduced in Section E This model com- 
prises classes of objects and their required relationships for enabling an assisted 
application development as depicted in Section 0 

Accordingly, we will take this model as basis for explaining the relationship 
between the Application Developer View and the Common Base described in 
Section El as well as between the Application Developer View and the Tool De- 
veloper View. 

Fig. 20. Class diagram of the Application Developer View



4.1 The Structural Model 

The structural model of the Application Developer View is depicted as a UML
class diagram |S| in Fig. 20. It comprises classes specifying application domains,
development methods, sample solutions, etc. Let’s have a closer look at the
model.

Application Domains. The core of our »Petri Net Baukasten« approach is 
application orientation. Therefore, application domains play a central role in 
our model. An application domain is identified by its name and explained by 
its description. Each application domain can be characterized by a number of 
application-oriented aspects reflecting all relevant entities and questions of a 
particular application domain. As an example, let us take the application do- 
main workflow management, which can be characterized by application-oriented 
aspects according to the workflow process definition meta model of the Work- 
flow Management Coalition (WfMC) documented in This includes workflow 
application, workflow participants, workflow process activity, workflow relevant 
data, etc. Each application-oriented aspect can be related to other application-oriented
aspects, as shown here by the relates to relationship. For example, particular
application aspects may be refined by other aspects if a number of
subaspects stand in a subaspect/superaspect relationship to it. We will omit the
description of further relationships at this point. 

In principle, we would like to take different application domains into consideration.
Therefore, one application domain may have a close relationship to
other application domains, where one is the superdomain of the other. The
superdomain of logistics, for example, could be business process modeling.

Development Methods. Furthermore, development methods play an important
role in our model. A development method is specified by its name and its
objective. It comprises an informal description, a so-called method guide, and
one or more development techniques. Each and every development method is
designated as a suitable method for supporting application development of a
certain application domain, as depicted by the relationship applicationDomain
between Development Method and Application Domain. There may be several
tool recommendations for a development method.



Development Techniques. Development techniques are specified by their
names and objectives. They comprise an informal description, a so-called technique
guide. Development techniques are either universal or application domain-related.
There may be several tool recommendations for a development technique.



Sample Solutions. Sample solutions represent several proposed Petri net based
solutions for different problems which are or are not application specific. Accordingly,
sample solutions are related to an application domain or not. Each sample
solution comprises a description, a so-called solution guide, using the terminology
of the corresponding application domain.



Keywords. Keywords can be assigned to several elements of our Application
Developer View, e.g. development methods, sample solutions, etc. These keywords
may be helpful in finding suitable Petri net methods, Petri net techniques,
sample solutions, etc. later on.



Glossaries. Similarly to the Common Base described in Section 0, glossaries
also form an important part of the Application Developer View. Our intention is
to manage one glossary for each application domain. The usual terms of a particular
application domain are explained within a so-called application-oriented
glossary according to corresponding items, see Application-oriented Glossary and
Appl.-oriented Glossary Item in Fig. 20.



4.2 Relation to the Common Base 

Fig. 21 illustrates the close relation of the Application Developer View to the
Common Base. It only depicts the elements of the Application Developer View 
which are directly related to elements of the Common Base. Compare Fig. EH 
and Fig. [3 We will have a closer look at the several relations in the following. 

Application Domains. A Petri net type may be related to an application
domain, thus qualifying as a suitable one for a certain application domain, see
relationship usefulPNtypes in Fig. 21. This relation may be differently used in
several assistance methods. For example, before computing the suitable Petri
net types fulfilling the predefined requirements, the search space of an assistance
method may be reduced to the useful Petri net types of the application domain
selected earlier.

Fig. 21. Relation of the Application Developer View to the Common Base



Development Techniques. According to our definition of techniques, these 
are based on one or more languages. Petri net types are the only kinds of lan- 
guages considered in the »Petri Net Baukasten«. Therefore, this relationship 
is defined by a corresponding relationship between development techniques and 
Petri net types, see relationship languages in Fig. 

Sample Solution. A sample solution is based on a certain Petri net type.
This relation is fixed in a corresponding relationship, see pntype in Figure 21.
As for all the relationships between the Application Developer View and the
Common Base illustrated in Figure 21, this relationship plays an important role
in assisting application developers. For example, only the sample solutions of a
certain Petri net type selected earlier may be offered to application developers.

Application-Oriented Aspects. Application-oriented aspects stand in indirect
relation to the Common Base. Let us assume that there may be more than
one alternative possibility to express a single application-oriented aspect as regards
the concepts of Petri nets. Each possibility - depicted as Suitable Means
of Expression in Fig. - may address more than one Petri net characteristic
representing the required concepts supported by a Petri net type. Compare relationship
addresses in Fig. 21. The Petri net conformity of application-oriented
aspects is explicitly documented for each suitable means of expression.

Fig. 22. Relation of the Application Developer View to the Tool Developer View

4.3 Relation to the Tool Developer View 

The relationship between the Application Developer View and the Tool Developer
View is depicted in Fig. 22. As can be seen there, a recommendation of tools
supporting a technique or a method comprises one or more Petri net tools.



5 An Assistance System for the Application Developer 

This section describes a so-called assistance system which realizes the »Petri Net
Baukasten« concept in order to support application developers in the Petri net-based
development of applications. This system supports application developers
as in the use cases described in Section ESI In particular, the assistance system 
provides application-oriented information about Petri nets as described in the 
Application Developer View in Section 21 in order to help application developers 
in finding suitable Petri net techniques. 

Depending on the technical complexity, there are different possibilities for 
realizing such an assistance system. For example, it can be realized as an in- 
tegrated development environment with integrated control during application 
development, meaning high technical complexity, or it can be realized as a sys- 
tem which only supplies information without any control, meaning a lower level 
of technical complexity. The realization described here corresponds to the second 
variant and is based on World Wide Web (WWW) technology. 

5.1 Architecture of the Assistance System 

The architecture of the assistance system is illustrated in Figure 23. It is based
on middleware technologies in order to support distribution of the graphical 
user interface (GUI), functionality (Services), and data (Repository) on different 
servers. 

Access to a repository is realized via an application programming interface 
(API). The API is a convenient interface, allowing abstraction from the repos- 
itory realization. The services realize assistance methods corresponding to the 
use case described in Section [t.,11 using the API. Therefore, the functionality of 
the services is not influenced by the repository realization. The services are
coordinated by a control unit. Interaction with application developers is realized
via a graphical user interface (GUI).

Fig. 23. Middleware-based architecture of the assistance system

As mentioned above, the assistance system is based on the Internet service 
World Wide Web (WWW). The WWW supports different techniques for dy- 
namic information retrieval. For example, so-called JAVA applets implementing 
the graphical user interface can be integrated in HTML documents [S|. In this 
way, application developers can access the assistance system via the Internet us- 
ing an Internet browser such as the Netscape© Communicator. A WWW-based 
system architecture is illustrated in Figure 24.

The functionality and the repository of the assistance system are located on 
servers connected via an intranet, which in turn is connected with the Internet. 
The Petri net tools may be located on download servers belonging to other 
intranets which are connected to the Internet. Maintenance of the assistance 
system is carried out via intranet access by »Petri Net Baukasten« developers.

5.2 Structural Model of the Repository 

The assistance system is based on a repository which manages all relevant data 
of the Application Developer View and the Common Base. As the assistance 
system is intended to support access to the formal descriptions described in 
the Expert View and existing Petri net tools managed in the Tool Developer 
View, the repository must store appropriate data of these views, too. Figure 25
illustrates the data model of the repository. 

A more detailed illustration of the Application Developer View and the Common
Base has already been given in Fig. 20 and Fig. 0

Fig. 24. World Wide Web-based architecture of the assistance system 




Fig. 25. The Common Base and the views upon Petri nets as part of the repository. 
Abbreviations are used as follows: CB - Common Base, ADV - Application Developer 
View, EV - Expert View, TDV - Tool Developer View 



6 Conclusion 

In this paper, we explained an assistance approach of the »Petri Net Baukasten«
supporting application developers within a Petri net-based application development
to improve the usability of Petri nets. This approach pursues objectives
like application orientation, problem orientation, method orientation, tool orientation,
and solution orientation. Several use cases are explained which describe
the selection of suitable Petri net types, techniques, methods, and tools fulfilling
the requirements of specific development tasks. Several assistance methods like
overview-, form-, and checklist-based search are described for the different use
cases. Information needed to realize the several use cases is described by structural
models which represent the so-called Application Developer View and the
so-called Common Base of the »Petri Net Baukasten« respectively. The Application
Developer View comprises application-oriented information about Petri
nets. This information is related to Petri net types which are hierarchically
ordered in the Common Base. Moreover, an architecture of a WWW-based
assistance system is proposed.



State of the Work. Parts of the sketched assistance system are realized on 
an experimental basis. The hierarchical order of Petri net types called Petri net 
classification was developed using Rational Rose cni. The developed hierarchy 
representing the first upgrading level of our Petri net classification has been ex- 
ported into an Oracle database. This database is used by a service implementing 
the navigation through the Petri net classification to enable the selection of a 
suitable Petri net type. 

Abstract. We show in this paper how the formalism of Parameterized
Net Classes is realized with the Petri Net Kernel. Parameterized Net
Classes are an abstract notion of Petri nets using formal parameters to 
express Petri net type characteristics. This formalism allows the abstract 
formulation of formal concepts for a large variety of Petri net types. The 
Petri Net Kernel is a tool infrastructure supporting an easy implemen- 
tation of Petri net algorithms. Moreover, the Petri Net Kernel is not 
restricted to a fixed Petri net type. Instead, only the net type has to 
be implemented as “net type specification”. It is then used as basis for 
implemented application algorithms. In our paper we describe an imple- 
mentation of the formal net type parameters via an interface such that 
the parameter implementation can be transformed to a net type speci- 
fication for the Petri Net Kernel. This allows on the one hand a simple 
change of the net type by selecting a different combination of the actual 
net type parameters. On the other hand, applications (like simulation or 
analysis algorithms) can be developed generically, i.e. independently of 
the Petri net type, thus supporting rapid prototyping for Petri net tools. 
The implementation is embedded in the development of the »Petrinetz- 
Baukasten« and is therefore closely related to the contributions |.8I8I^4) 
in this volume. 



1 Introduction 

Unification Approaches Based on Parameterization. Since the introduction
of Petri nets more than 30 years ago, many extensions and variants have
been proposed in literature for different purposes and application areas. The
fact that Petri nets are widely used and considered an important topic in research
shows the usefulness and the power of this formalism. Nevertheless, the
situation in the field of Petri nets is unsatisfactory as the different notions, definitions
and techniques, both in literature and in practice, make it difficult to find
a common understanding and to provide good reasons for the practical use of
the nets. Moreover, the unstructured variety of Petri net approaches causes
reformulations and re-examinations of similar concepts for each Petri net variant.
Most of the different concepts for Petri nets are defined explicitly for a single net
type (e.g. place/transition nets) although many of these notions are essentially
the same for different kinds of net types. Therefore, approaches to unification
have been developed, e.g. LMIlill.-il that employ the concept of parameterization.
This permits the abstract formulation of formal concepts for a large variety
of different net types.

* This work is part of the joint research project “DFG-Forschergruppe Petrinetz-Technologie”
between H. Weber (Coordinator), H. Ehrig (both from the Technical
University of Berlin) and W. Reisig (Humboldt-Universität zu Berlin), supported
by the German Research Council (DFG).



Parameterized Net Classes and the Petri Net Kernel. The aim of this 
paper is to describe the implementation of an abstract notion of Petri net types, 
namely their formalization as Parameterized Net Classes, a uniform approach 
which is elaborated in another contribution to this volume m- The concept of 
Parameterized Net Classes is also known in the context of Abstract Petri Nets 
[filliJOj . Here, the formal unification approach is combined with results concerning 
abstract Petri net morphisms that allow to express Petri net behavior and Petri 
net modifications. The formal framework of Abstract Petri Nets is based on 
category theory. Therefore, results obtained for Abstract Petri Nets and their 
morphisms hold as well in all instantiations, i.e. they are valid for all Petri net 
types that can be formalized as Abstract Petri Nets. 

Our implementation of the concept of Parameterized Net Classes is realized 
via an interface to the Petri Net Kernel (PNK) ^3j. The PNK provides an 
infrastructure offering methods for the administration and modification of Petri 
nets and allowing the user to define his own Petri net variant by implementing 
the specific characteristics of his net type. The design of the PNK was driven 
by the objective to support a quick implementation or integration of Petri net 
algorithms (e.g. for analysis, simulation, composition, ...) and to access basic net 
information via a simple interface. 

The PNK already offers concepts for a modular, object oriented design of 
Petri net algorithms. Our implementation extends the PNK in order to reuse 
program code corresponding to formal parameters in Parameterized Net Classes. 
Tool support for Parameterized Net Classes on the one hand offers a validation 
of theoretical concepts, on the other hand, it allows the definition of a Petri 
net type by choosing an arbitrary combination of orthogonal parameters. More- 
over, for the implementation of a new net type, it is possible to concentrate on 
the implementation of a new parameter and combine it with other already im- 
plemented parameters. Thus, Petri net algorithms implemented on the abstract 
level of Parameterized Net Classes are available without reimplementation for all 
kinds of Petri nets that can be defined by instantiating the formal parameters. 



The »Petrinetz-Baukasten«. Both the formal concept of Abstract Petri
Nets and the development of the Petri Net Kernel are part of the research group
project Petri Net Technology (see the footnote on page C3- The goal of the
project is to point out and elaborate Petri net techniques appropriate for indus- 
trial sized applications. These techniques are comprised in a »Petrinetz-Baukas- 
ten« 1231 to enable a more straightforward understanding of Petri net types, to 
support the use and development of Petri net tools, and the formal definition of 
Petri net semantics and theoretical results. The »Petrinetz-Baukasten« therefore
establishes a classification concept for Petri nets as basis for these purposes.
On the one hand, the »Petrinetz-Baukasten« introduces concepts and notations 
generally understandable to anybody with an engineering background, on the 
other hand it contains mathematical formal definitions to enable formal oper- 
ation on nets like analysis, structuring, simulation and verification. Hence, the 
»Petrinetz-Baukasten« is designed to be presentable in different views serving 
particular purposes. Figure ^shows these three views, related over the so-called 
Common Base, a classification of Petri net types. Here, we only name the main 
features of these views. For more details see the contributions mm in this 
volume. 

— The Application Developer View im is the basis of application-oriented
support for project development based on Petri nets as specification
tion technique. It supports developers to find the Petri net types, techniques, 
methodology, tools and process models most adequate for their applications. 
Therefore, the Application Developer View provides standard and example 
solutions which may be integrated into the developer’s own work, descrip- 
tions of adequate methodologies, and application specific glossaries which 
relate technical terms from the application domain to Petri net notions used 
in the Common Base. 

— The major task of the Expert View m is to provide the formal foundation
of the »Petrinetz-Baukasten« in terms of mathematical presentation of the
underlying notions and results. The Expert View provides a uniform structuring
of the theory of Petri nets: The uniform definition of new notions is
supported, and the transfer of results is facilitated. For structuring the theory
of Petri nets, the Expert View distinguishes essential notions which comprise 
abstract Petri net frames, formal Petri net techniques, instantiations, and 
transformations. Abstract Petri net frames have formal parameters which 
are integrated into an abstract description of Petri nets. Parameterized Net 
Classes as applied in this paper (introduced in Section 2) are one example
for an abstract Petri net frame. The formal parameters are the data type parameter,
formalized as specification frames and the net structure parameter,
formalized as composite functor between adequate categories representing
sets of places and structures on tokens.

— The Tool Developer View 1221 supports Petri net tool developers in dif- 
ferent ways: The tool developer who wants to announce an existing tool is 
supported by referring or distributing the tool. Developers who want to ex- 
tend an existing Petri net tool or to build a new Petri net tool are helped 
by the Tool Developer View suggesting already implemented Petri net types 
and algorithms (administration of Petri net tools). Additionally, the Petri 
Net Kernel (PNK) as the main component of the Tool Developer View, of- 
fers an infrastructure for building new Petri net tools by providing standard 
operations on nets, a graphical Petri net editor and a graphical user inter- 
face. Moreover, the PNK is not restricted to a particular Petri net type. For 
more details see Sections 0 and 01 Furthermore, the PNK is extended by a 
repository of PNK application functions. These functions can be used by a 
developer of a PNK application. 

The three views of the »Petrinetz-Baukasten« are linked over the Common
Base that presents Petri nets in a semiformal classification hierarchy. Variants 
of Petri nets are informally described by the notions they comprise. The Ap- 
plication Developer View is linked to the Tool Developer View and provides an 
interface for the choice and use of Petri net tools and algorithms. Also, it is 
linked to the Expert View and provides an interface for the user to access the 
mathematical definition as well as theoretical foundation concepts concerning 
operations and semantics of a Petri net type. For a detailed description of the 
views and their relation via the Common Base see 0. 

In our paper, we focus on the relation between the Tool Developer View and 
the Expert View. After a review of the theoretical concepts of Parameterized 
Net Classes and their algebraic formalization in Section 2, Section 3 sketches the 
concepts and the use of the PNK, a tool infrastructure for working with Petri nets 
of different net types. The main new result of our work consists of the design and 
implementation of interfaces that map the parameters of the theoretical concepts 
to attributes within the PNK implementation. These interfaces and their use 
for the sample implementation of Algebraic High-Level nets as an instance of 
Parameterized Net Classes are described in Section 4. 

2 Introduction to Parameterized Net Classes 

In order to allow a uniform approach to different kinds of Petri net classes, 
the concept of Parameterized Net Classes was introduced in 122 ]. By different 
actualizations of net type parameters, several well-known net variants can be
formalized, like elementary nets, place-transition nets, coloured Petri nets, pred- 
icate transition nets and algebraic high-level nets, as well as several interesting 
new classes of low- and high-level nets. The basic idea of this uniform approach 
to Petri nets is to distinguish two parameters that describe the characteristics 
of a Petri net variant. These characteristics are the net structure defining the 
structure of the places and hence the markings Q and (for high-level Petri nets) 
the data type specifying the internal structure of tokens for this net type. In 
the case of low-level Petri nets, the data type is trivial, as only black tokens are 
allowed on the places. The instantiation of these parameters leads to different 
Petri net types. In this section, we introduce the net structure parameter and 
the data type parameter. We sketch their instantiation with actual parameters 
in order to obtain actual net types. For a formal definition of Parameterized Net 
Classes and the instantiation of formal parameters with actual parameters, we 
refer the reader to the contribution 1241 in this volume. 



Parameters for Net Classes. The net structure parameter is sufficient to de- 
scribe different low-level net types. In software industry, quite a large amount of 
low-level net variants have been developed over the last 30 years (see e.g. [27^21)] ) 
that are equipped with additional features and/or restrictions. We here review 
an abstraction of the net structure that can be instantiated to several low-level 
net types, including place/transition nets, elementary nets, variants of these and 
S-graphs. 

For an abstract notion of high-level nets, we additionally need an abstrac- 
tion of the data type used to describe the tokens, because several data type 
formalisms have been integrated with Petri nets leading to different notions 
of high-level nets. Typical examples are the following combinations: indexed 
sets with place/transition nets leading to Coloured Petri nets, predicate logic 
with elementary nets leading to predicate/transition nets jOj, algebraic speci- 
fications with place/ transition nets leading to algebraic high-level nets |25l2iS| . 
ML with place/transition nets leading to Coloured Petri nets OBJ2 with 
superposed automata nets leading to OBJSA-nets PJ and algebraic specifications 
with the Petri Box Calculus |2| leading to M-nets PH. Object-oriented analy- 
sis and programming techniques are currently the de-facto standard of software 
development. This has led to a variety of object-oriented Petri net formalisms
combining Petri net structure with token objects or classes (see e.g. |30|)- 



Algebraic Presentation of the Net Structure Parameter. The formal
basis for the definition of the parameters is the algebraic presentation of Petri
nets using functions to relate a transition to its pre and post domain, introduced
by Meseguer and Montanari in m- In this algebraic presentation, a place/transition
net $N$ is given by $N = (P, T, pre, post : T \to P^{\oplus})$ with $P$ and $T$ being the
sets of places and transitions, and $pre$ and $post$ being functions from $T$ to the
free commutative monoid $P^{\oplus}$ over $P$. This construction corresponds to multisets
over the set $P$ of places. The pre domain of a transition $t$ therefore can be written
as a linear sum $pre(t) =$ for $n_i \in \mathbb{N}$, denoting how many black
tokens have to be held by which places in the pre domain to enable transition
$t$. For example, a pre domain function $pre(t) = 2p_1 \oplus 3p_2$ denotes that the arc
inscription of the arc from $p_1$ to $t$ is 2, and the inscription of the arc from $p_2$ to
$t$ is 3 and there are no other incoming arcs for $t$. The marking of a place/transition
net then is given by some element $m \in P^{\oplus}$, and the operations for the
computation of the firing behaviour are comparison, subtraction and addition
based on linear sums, defined over the monoid operation.

^ As net and marking structure can differ for some net types, introduces different
parameters for these. The integration of a distinct flow parameter into our
implementation of Parameterized Net Classes is subject to future work.

Elementary nets consist of a set of places and a set of transitions, but the arc 
weight always equals one and the marking consists of at most one token on each 
place. A transition is enabled if there are enough tokens in the pre domain and no 
tokens in the post domain. The marking is a subset of the set of places, as there 
is only one token allowed on each place. The arc weight also can be expressed 
by a subset of the set of places. In the algebraic version of elementary nets, 
transitions are mapped to the powerset $\mathcal{P}(P)$ of $P$ by a pre and a post domain
function $pre, post : T \to \mathcal{P}(P)$. Each element $m \in \mathcal{P}(P)$ can be considered as a
marking of the elementary net. The firing behaviour makes use of the order on 
sets and the operations union and complement on sets. 

These algebraic presentations are equivalent to the classical presentations,
but have the advantage of being axiomatic, and thus simpler to generalize.
The constructions $\mathcal{P}(P)$ and $P^{\oplus}$ for each set $P$ of places
then can be considered as functions from the class Sets of all sets via some
class Struct of semigroups to the class Sets. We consider $\mathcal{P}(P)$ and $P^{\oplus}$ as
sets. The use of sets instead of semigroups allows the mapping from the
transitions to these sets. This motivates that in general, an actual net structure
parameter for a net type can be considered as the composition of two functions:
$Net : Sets \xrightarrow{F} Struct \xrightarrow{G} Sets$. Based on the function $Net$, we can describe
Petri nets uniformly by $pre, post : T \to Net(P)$, where the specific net class
depends on the choice of the function Net. Then, P(P) denotes the markings 
and the pre and post domains of the transitions, and G relates the chosen con- 
struction (e.g. free monoids, power sets, ..) to sets. 



Algebraic Presentation of the Data Type Parameter. For a generalization
of the different data type representations used in combination with Petri
nets, the notion of institutions is employed. Institutions provide a
well-established abstract description of data type formalisms. The basic idea in
generalizing different formalisms such as algebraic specifications, predicate logic, ML, etc.
is to assume axiomatically some data type specification $SPEC \in SpecClass$
and a class of models $Model(SpecClass)$. Based on this theory, an actual data
type parameter consists of a class $SpecClass$ of data type specifications and
for each $SPEC \in SpecClass$, a class $Model(SpecClass)$ of models satisfying
the specification $SPEC$. Hence, the parameter can be represented by a function
$Model : SpecClass \to ModelClasses$ where $ModelClasses$ is the (super)class
of all model classes.

Footnote: The constructions are in fact given by a pair of adjoint functors. For
simplicity it suffices to regard them as functions in this context.

Example 2.1 (Algebraic High-Level Nets)

Algebraic High-Level Nets (short AHL nets) [25] combine place/transition nets
and algebraic specifications in the sense of [5].

They are defined by the same actual net structure parameter as place/transition
nets, namely $Net = (\_)^{\oplus}$, the construction of free commutative monoids
over sets. The net structure is defined algebraically by the pre and post domain
functions $pre, post : T \to (T_{OP}(X) \times P)^{\oplus}$ with $T_{OP}(X)$ being terms with
variables over the signature. The respective marking structure is an element of the
commutative monoid $(A \times P)^{\oplus}$ with $A$ being an adequate SPEC-algebra.

The data type is formalized as an algebraic specification $SPEC = (S, OP, E)$
with $S$ being sorts, $OP$ operation symbols and $E$ equations over the signature
$SIG = (S, OP)$. The arc inscriptions in AHL nets are given by terms with
variables over the signature. The class of models for an AHL net data type is
the class of SIG-algebras satisfying the equations $E$. One model, i.e. one of those
SIG-algebras, defines the tokens (elements of the carrier sets for each sort) that
are allowed on the places of the AHL net.

Thus, the actual data type parameter is given as follows: Let $SpecClass$ be
the class of all algebraic specifications $SPEC = (S, OP, E)$ and $Alg(SPEC)$ be
the class of all SPEC-algebras $A$ (see [5]). Then we obtain the actual data type
parameter as function $Model = Alg : SpecClass \to ModelClasses$ that relates
each specification $SPEC$ to the model class $Alg(SPEC)$ of SPEC-algebras.

◊

The following definition summarizes the notion of formal parameters of net 
classes: 

Definition 2.2 (Formal Parameters of Net Classes)

The formal net structure parameter and the formal data type parameter are
given by the functions $Net : Sets \xrightarrow{F} Struct \xrightarrow{G} Sets$ and
$Model : SpecClass \to ModelClasses$ as described above. △

Obviously, a uniform approach to Petri nets should comprise both low-level 
nets as well as high-level nets. We therefore consider low-level nets as a special 
case of high-level nets with a data type that yields only one data element, the 
black token. We call this the trivial actual data type parameter. 

A survey of some actual net types defined by the actual parameters (i.e.
instantiations of the formal parameters) is given in the Petri Net Square, shown
in Figure 2. The parameters can be seen as the two dimensions of the square,
whereas well-known Petri net types each correspond to one point in the Petri
Net Square.

Fig. 2. The Petri Net Square of Parameterized Net Classes



3 The Petri Net Kernel 

The development of the Petri Net Kernel (PNK) was initiated in 1996 as a
vision of a universal Petri net tool. Today, the Petri Net Kernel is an
infrastructure for an easy implementation of Petri net algorithms concerning 
simulation, analysis or verification of Petri nets. The PNK realizes standard 
operations on nets like loading and saving of nets, accessing and modifying net 
characteristics. Hence, the developer of a Petri net application is relieved from 
building a parser for loading nets from a file or from dealing with graphical 
user interfaces to represent nets graphically. Rather, one can concentrate on 
implementing the algorithmic idea. When the algorithm is implemented, the 
developer gets with the help of the PNK an executable Petri net tool prototype. 

The PNK provides several interfaces. The application interface comprises 
some functions on Petri nets for programming applications. The editor interface 
describes the interaction between the PNK and an editor. It contains functions 
which are provided by the PNK. They must be provided by an editor for a proper 
interaction between a PNK based tool and its user. The PNK is equipped with a 
simple graphical net editor. This editor can be replaced by another editor,
provided it conforms to the editor interface. Both the application interface and the
editor interface can be used by a PNK user for building prototypes of Petri net
tools. The PNK itself as well as its applications are written in the programming
language Python, an object-oriented interpreted language. In the Python
implementation, the PNK provides a textual storage format for net information
which can also be used from external tools working with the PNK. Currently, a
re-implementation of the PNK in Java is realized, together with the definition
of a generic interchange format for Petri nets based on XML. The intended
interchange format aims to support the transfer of net data between different
tools. The PNK then can be seen as a tool integrator providing a universal
interface for Petri net tools. On this basis, solutions of different tasks concerning
Petri nets of different types could be exchanged between tools supporting this
interchange format.

Fig. 3. The basic structure of a PNK based Petri net tool

A very important feature of the PNK is that it is not restricted to a fixed 
Petri net type or a fixed set of Petri net types. It is possible to define new Petri 
net types. The net type interface describes how an application programmer may 
define his own Petri net type with specific extensions. 

Figure 3 shows the basic structure of a PNK based Petri net tool consisting
of several already implemented parts and several application functions which are
implemented by a PNK user. The parts already implemented are the PNK itself,
a graphical editor, the application control and some Petri net types. A Petri net
type is passed as a parameter of the PNK via the net type interface, whereas
an application function uses the PNK via the application interface.

In the following, we describe the application interface and the net type
interface to the Petri Net Kernel before the implementation of an interface for
Parameterized Net Classes as introduced in Section 2.



The Application Interface. To give a flavour of the usage of the PNK,
we show the complete code of an executable application function in Listing 1.
The execution of this code starts the PNK for P/T-nets and the editor of the
PNK with a further menu button labelled 'example_app'. Now, an application
user may model or load a P/T-net. The example application function
example_app, which starts after the new menu button is pressed, shows for each place
in the preset of each transition an information string if the place is currently
marked.






Listing 1. An application function of the PNK

    from Build_Application import Build_Application
    from Specification import PT_Specification

    def example_app(net):
        for transition in net.get_Transitions():
            for place in transition.get_Preset():
                if place.get_current_Mark().is_marked():
                    net.show_information("The place " + place.get_Name() +
                                         " in the preset of transition " +
                                         transition.get_Name() +
                                         " is marked.")

    Build_Application(PT_Specification, example_app)



Line 1 of Listing 1 imports a function Build_Application from the PNK
distribution package with the same name. The function is used as a link to the PNK
and its editor. Line 2 imports the Petri net type definition (PT_Specification)
specifying the net type for which the example application function should run
(in our case P/T-nets) from the PNK package Specification. The definition
of our application function starts with Line 4 and ends with Line 11. Finally,
Line 13 links the application function to the PNK initialized for P/T-nets and
the editor of the PNK in order to build an executable application.

An application function uses the several interfaces of the PNK, which allow it to
access the net currently stored in the PNK. In our example, the application
function in Listing 1 uses a few methods of the interfaces, e.g. to get all transitions of
the net (Line 5), to get all places in the preset of a certain transition (Line 6), and to
get the current marking of a certain place and the information whether a place is
marked or not (Line 7). Lines 8 to 11 contain a user interface method to interact
with a user. Of course, there are many methods (about 80) to get a comfortable 
access to different Petri net elements and to interact with an application user. 
For more details see m 



The Net Type Interface. The PNK can be used with any kind of Petri net.
The net type is given as an implementation of the net type interface, providing
the following information:

— the representation of markings, as well as addition, subtraction and
comparison operations on markings (see for example the method is_marked() in
Line 7 of Listing 1),

— a description of valid transition modes (e.g. assignments of variables) as well
as a conversion operation from arc inscriptions into a corresponding marking
for a given mode,

— the representation of arc inscriptions,

— some further extensions concerning the net as a whole, such as definitions
of variables and function symbols to be used in arc inscriptions of high-level
Petri nets,

— extensions for certain elements of a Petri net, e.g. transition guards or time
delay on places.

Fig. 4. The Petri Net Kernel and its Net Type Interface before the Implementation of
Parameterized Net Classes

This information is provided by implementing derived classes of the classes 
Marking, Mode, Inscription, and Extension. They are represented by at- 
tributes in the class Specification (of the net type) which is passed as the 
net type parameter to the PNK. 

The design idea of the net type interface follows intuitively from the PNK
architecture, where adequate and easy handling of net information was the main
goal. Figure 4 shows the different layers of a Petri net type specification using
the PNK. The basic PNK layer mainly consists of the four classes Net, Place,
Transition, and Arc defining modification and access methods for the net
elements. The rest is defined by the net type implementation, which has to be
implemented for each new Petri net type that will be used by applications.
The net type implementation defines the net characteristics by implementing
attributes of the respective net classes: The class Place requires an
implementation of Marking, the class Transition requires an implementation of Mode, and
the class Arc requires an implementation of Inscription. Additional
information, e.g. transition guards or variables, is implemented in classes derived from
the class Extension. The classes Marking, Mode, Inscription and Extension
are realized as additional attributes of the classes Place, Transition, Arc, or
Net, respectively.

Example 3.1 (Implementing HL-Nets as Net Type for the PNK) 

An example implementation of a simple high-level net type is sketched in
Figure 4 by respective classes implementing the abstract net type interface classes
Marking, Mode, Inscription and Extension. We here outline the implemented 
structures and methods. For a detailed documentation of this net type see na. 

— The implementation HL-Marking of the abstract class Marking uses Python
dictionaries to store multisets of integers (tokens). For example, a marking
of a place with the multiset of numbers {1, 1, 2, 3, 3, 3} is represented by
the dictionary [1 : 2, 2 : 1, 3 : 3] where each pair denotes the token and
how often it appears on the place. The class contains methods to check the
validity of a marking, to get the current marking or set a new marking, and
to add/subtract markings to/from the dictionary.

— The class HL-Inscr implements the abstract class Inscription. Here, we
assume for simplicity that any string could be an arc inscription of our net
type. Again, methods to set and get arc inscriptions are provided, as well as
a method to check the syntactical correctness of a given arc inscription.

— The class HL-Mode implements the class Mode and defines the firing
modes of transitions. A firing mode is an assignment of integers to all
globally defined variables. Therefore, a mode is realized as a dictionary in which
each variable holds a value. Apart from get and set methods for modes,
methods are implemented to compute a new assignment for the variables
and to translate an arc inscription to a marking under the current variable
assignment. The modes are connected tightly to the list of variables from
the class HL-Decl.

— The class HL-Decl inherits from the abstract class Extension. In HL-Decl,
methods are provided for two extensions, namely the declaration of variables
(e.g. xl, yl, z) and the definition of functions (e.g. def f(x): return
x*x). Variables and functions then can be used in arc inscriptions. Again,
the get and set methods show or modify the current declarations of variables
or functions, and a check method tests their syntactical correctness.

◊



4 Implementing Parameterized Net Classes 

This section deals with our main result, the implementation of Parameterized 
Net Classes with the Petri Net Kernel. 

In the previous section we dealt with the net type interface of the original
version of the Petri Net Kernel. Obviously, the method of reimplementing the
net type specification makes it difficult to reuse parts of existing net type
specifications (apart from copy & paste). A user could wish, for example, to have a
high-level net with the behaviour of a condition/event net. Another user may
want to enhance a Petri net type by techniques to describe a data type for
tokens. Based on the theory of formal parameters for net structure and data type,
we therefore design a new interface to the PNK, called Squareinterface. This new
interface enables the user to implement two corresponding actual parameters
independently of each other. Moreover, it should be possible to combine two
actual parameters arbitrarily to get different Petri net types as shown in the
illustration of the Petri Net Square (Figure 2).

We describe a new net type specification layer that allows the definition of
two parameters. The net type specification layer is called SquareSpecification
and links the description of formal parameters to the original net type interface
of the PNK. The parameters are accessed by the user via an interface called
Squareinterface. The two dimensions of the Petri net square, net structure and
data type, are required as parameters for SquareSpecification and correspond to
the two formal parameters as described in Section 2. The main achievement of
this implementation is that the formally described combination of orthogonal
parameters now is supported by a tool. Thus, a new Petri net type can simply
be defined by choosing a combination of already implemented parameters. The
net type specification SquareSpecification generates from the actual parameters
given via Squareinterface a Petri net type specification for the PNK. This section
describes how the parameters are realized by Squareinterface.

Figure 5 shows the different layers of a Petri net type specification using
the net type parameter interface Squareinterface and the net type specification 
SquareSpecification. The PNK and the original net type interface remain un- 
changed (see Figure^ to allow a further use by applications that rely on net 
types already implemented without the Squareinterface parameters. 

As sample implementation we again consider AHL nets (according to
Example 2.1) and sketch how the net structure parameter and the data type parameter
are implemented using the Squareinterface for Parameterized Net Classes.



Example 4.1 (Implementing AHL Nets as Parameterized Net Class) 

In AHL nets, arcs connecting places and transitions are inscribed with terms
with variables over an algebraic specification $SPEC$. These inscriptions
symbolize the data taken from the pre domain or put to the post domain of a transition.
A state of an AHL net is given by a marking $M \in (A \times P)^{\oplus}$, i.e. a distribution
of data elements of a SPEC-algebra $A$ on the places in $P$. The operational
behaviour is realized by the firing of transitions under a consistent assignment $asg$
of their variables. The firing effect is formalized by subtracting the data elements
in the pre domain from the marking $M$ and adding the data elements in the post
domain to $M$ according to the assignment $asg$: Let $t$ be an enabled transition
and $M$ the current marking. The firing of $t$ results in the follower marking $M'$
which is computed by $M' = M \ominus pre^{asg}(t) \oplus post^{asg}(t)$.

Figure 6 shows a simple AHL net $N = (SPEC, P, T, pre, post, A)$ consisting
of

— an Algebraic Specification $SPEC = (S, OP, E)$ as shown in the Declaration
Editor window of Figure 7. Here, the paragraphs SORTS, OPNS and EQNS
correspond to the constituents $S$, $OP$ and $E$ of the specification;

— the set $P = \{Patients, Identity, Name, Sex\}$ of places;

— the set $T = \{Split\}$ of transitions;

— the pre domain function $pre : T \to (T_{OP}(X) \times P)^{\oplus}$ with
$pre(Split) = (p, Patients)$;

— the post domain function $post : T \to (T_{OP}(X) \times P)^{\oplus}$ with
$post(Split) = (getId(p), Identity) \oplus (getName(p), Name) \oplus (getSex(p), Sex) \oplus (p, Patients)$;

— the A-quotient term algebra realized over the algebra $A = (Sets, Functions)$
with the carrier sets $Sets$ as given in the Declaration Editor window of
Figure 7, paragraph SETS (where each set corresponds to one sort of the
specification $SPEC$). The $Functions$ are ground terms over the data elements from
$Sets$ with a special binding of constant symbols, again being defined in the
Declaration Editor window of Figure 7, paragraph CONST. Elements of this
algebra, e.g. $patient(Smith, masc, 1)$, are tokens and can be composed to a
marking by the commutative monoid addition operation "$\oplus$".

Fig. 5. The Petri Net Kernel and its Interface for Parameterized Net Classes

The example AHL net models a small part of the patient record
administration of a hospital information management system. Here, we want to clarify the
relation of the net inscriptions and the algebraic specification. The transition
Split is enabled if there is a variable binding for the variable p (the only variable
in Split's pre domain). A variable in an arc expression must be bound to an
element of the algebra, such that the evaluation of the arc expression then
corresponds to a token on the place in the pre domain. In our example, we assume
that the variable p is bound to the data element patient(Brown, femin, 2).
The firing of transition Split would produce the tokens 2 on place Identity,
Brown on place Name and femin on place Sex. Let us consider the arc from
the transition to the place Identity in its post domain. To compute the tokens
produced on the place Identity, the term inscriptions of the arc have to be
evaluated with the help of the equations of the algebraic specification. As
variable p is bound to patient(Brown, femin, 2), the left hand side of the equation
getId(patient(n, s, i)) = i is matching, with the variables of the equation bound
by n = Brown, s = femin and i = 2. The left hand side of the equation is
replaced by its right hand side, namely i, which evaluates to 2. Thus, token "2"
is produced on place Identity.

Fig. 6. AHL Net Patient Record Administration

Figure 7 shows the graphical user interface of the PNK. The AHL net Patient
Record Administration has been drawn in the graphical net editor on the right,
and the data type declaration has been edited with the declaration editor on the
left-hand side.

The net structure parameter for AHL nets, $Net = (\_)^{\oplus}$, is implemented as a
list that may contain the same elements more than once. The implementation of
the data type parameter for AHL nets requires a data type parser. This parser
reads the declaration expression as given by the user in the declaration editor
(see Figure 7). This declaration consists of the algebraic specification (the parts
SORTS, VARS, OPNS and EQNS) and information to generate the model (the
parts SETS and CONST, i.e. an A-quotient term algebra, see [5]). Note that
both components, namely the abstract data type specification and the model,
are thus given by the user in the form of one syntactical expression.
[Figure 7, left window "PNSquare": Declaration Editor with the following declaration]

    DECLARATION
    SORTS Patient, Id, Name, Sex;
    VARS  n: Name;
          s: Sex;
          p: Patient;
          i: Id;
    OPNS  patient: Name, Sex, Id -> Patient;
          getName: Patient -> Name;
          getSex: Patient -> Sex;
          getId: Patient -> Id;
          m, f: -> Sex;
    EQNS  getId(patient(n, s, i)) = i;
          getName(patient(n, s, i)) = n;
          getSex(patient(n, s, i)) = s;
    SETS  Name = {Smith, Wesson, Brown};
          Id = {1,2,3};
          Sex = {masc, femin};
    CONST m = masc;
          f = femin;

[Figure 7, right window "PNSquare - example_AHL.net - Page 1": net editor showing the
net with the tokens patient(Smith,masc,1) and patient(Brown,femin,2)]

Fig. 7. The PNK GUI with the AHL Net Patient Record Administration



The parser then yields the syntactical components as attributes of the data
type parameter's constructor. The formal actual data type $Model = Alg(SPEC)$
is realized by the data type parser in the following way: The algebraic
specification $SPEC = (S, OP, E)$ is implemented by a list of sorts (attribute sortlist),
the dictionary opndict relating operation symbols to their domain sorts and
codomain sort, and the list eqnlist of equations implemented as a list of pairs
of terms that correspond to the left and right hand sides of an equation. The
algebra as model of the data type specification is the A-quotient term algebra
realized over the signature and the algebra $A = (Sets, Functions)$ with $Sets$
given as the attribute setdict relating sorts from the signature to concrete sets
of data elements. $Functions$ are ground terms of the signature, i.e. terms without
variables. But instead of constant symbols from the signature, these $Functions$
contain data elements of $Sets$. The relation of constant symbols and data
elements is specified by the user in the declaration editor and is implemented in
the attribute constdict.

When generating the attribute structures from the declaration, the parser
performs several syntactical and static semantical (type) checks. Thus, it is
guaranteed that the declaration corresponds to the syntax of an AHL data type, given
implicitly by the parser being based on an EBNF-grammar. Type checks make
sure, for example, that equations consist of terms of the signature, that the term
sorts of the left and the right hand equation sides are matching and that variable
sorts correspond to the sorts of the operation arguments they are contained in.
The generated attributes then are used for example in a simulator application
to check whether arc inscriptions and place markings are syntactically correct
or not, and to compute transition firing modes.

◊

After having implemented both net structure and data type parameter for a
net type (as shown for AHL nets in Example 4.1), generic Petri net algorithms
can be applied that are designed for Parameterized Net Classes in general, thus
independent of the actual Petri net type parameters. Currently, a generic
simulation application is available for Petri net types implementing the interface for
Parameterized Net Classes. The information to be provided by the data type
parameter implementation concerns the firing mode, i.e. a variable binding used
to compute a possible marking from an arc inscription. The data type
parameter interface ensures that there is a method eval implemented that generates
a token from an arc inscription term in the current transition mode. In our
example of AHL nets, the equations from the data type specification are used
to reduce a generated token. The token is compared to the left-hand side of
each equation. If a match is found, the equation's variables are bound to the
respective data elements in the token, and the right-hand side of the equation is
evaluated according to this variable binding and replaces the generated token.
This process is repeated until no more matching equations are found. The data
type specification equations therefore must not be cyclic.
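The reduction by equations described above and the firing of Split from Example 4.1, sketched in Python as an added example (not code of the PNK or of the authors). The encoding of terms as nested tuples and the names match, substitute, normalize, evaluate and fire are assumptions made here; a step limit stands in for the requirement that the equations are not cyclic.

```python
from collections import Counter

# Added illustration; every name below is hypothetical, not PNK API.
# A term is a variable name, a data element (str or int), or a tuple
# (operation, arg1, ...). VARS are the variables of the declaration.
VARS = {"n", "s", "i", "p"}

# EQNS of the Patient Record Administration declaration as (lhs, rhs) pairs.
EQNS = [
    (("getId", ("patient", "n", "s", "i")), "i"),
    (("getName", ("patient", "n", "s", "i")), "n"),
    (("getSex", ("patient", "n", "s", "i")), "s"),
]

# Arc inscriptions of transition Split as (term, place) pairs.
PRE = {"Split": [("p", "Patients")]}
POST = {"Split": [(("getId", "p"), "Identity"), (("getName", "p"), "Name"),
                  (("getSex", "p"), "Sex"), ("p", "Patients")]}


def match(pattern, term, binding):
    """Extend binding so that pattern instantiates to term, else None."""
    if isinstance(pattern, str) and pattern in VARS:
        if pattern in binding:
            return binding if binding[pattern] == term else None
        return {**binding, pattern: term}
    if isinstance(pattern, tuple):
        if (not isinstance(term, tuple) or len(term) != len(pattern)
                or term[0] != pattern[0]):
            return None
        for sub_pattern, sub_term in zip(pattern[1:], term[1:]):
            binding = match(sub_pattern, sub_term, binding)
            if binding is None:
                return None
        return binding
    return binding if pattern == term else None


def substitute(term, binding):
    """Replace every bound variable in term by its value."""
    if isinstance(term, tuple):
        return (term[0],) + tuple(substitute(a, binding) for a in term[1:])
    return binding.get(term, term)


def normalize(term, eqns=EQNS, fuel=100):
    """Reduce term with eqns until no left-hand side matches any more."""
    if fuel == 0:
        raise ValueError("step limit reached: the equations may be cyclic")
    if isinstance(term, tuple):  # reduce the arguments first
        term = (term[0],) + tuple(normalize(a, eqns, fuel) for a in term[1:])
    for lhs, rhs in eqns:
        binding = match(lhs, term, {})
        if binding is not None:
            return normalize(substitute(rhs, binding), eqns, fuel - 1)
    return term


def evaluate(inscription, mode, eqns=EQNS):
    """Token denoted by an arc inscription in the firing mode `mode`."""
    return normalize(substitute(inscription, mode), eqns)


def fire(marking, transition, mode):
    """Follower marking M' = M - pre(t) + post(t) under the given mode.

    marking is a Counter over (token, place) pairs, i.e. a multiset."""
    consumed = Counter((evaluate(t, mode), p) for t, p in PRE[transition])
    produced = Counter((evaluate(t, mode), p) for t, p in POST[transition])
    if any(marking[key] < count for key, count in consumed.items()):
        raise ValueError("transition is not enabled in this mode")
    return marking - consumed + produced


if __name__ == "__main__":
    brown = ("patient", "Brown", "femin", 2)
    smith = ("patient", "Smith", "masc", 1)
    m0 = Counter({(smith, "Patients"): 1, (brown, "Patients"): 1})
    for (token, place), count in fire(m0, "Split", {"p": brown}).items():
        print(place, token, count)
```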

In the following, we consider the parameter interface classes and their meth- 
ods in more detail. 



The Net Structure Parameter Interface. The actual net structure param- 
eter is implemented as derived class of Collection. This abstract class describes 
operations working on a collection of elements, like adding an object to the 
collection, uniting two collections, deleting an element from a collection, sub- 
tracting a subcollection, and accessing elements. The detailed organization of 
the collection as set, multiset or FIFO list is realized in the implementation of 
the class of Collection. An implementation of Collection then realizes for example 
a structure that keeps track of the order when adding new elements (sequence, 
FIFO), or a structure that can contain the same elements with a multiplicity 
(multiset or commutative monoid), or a structure that contains each element at 
most once (set). 



The Data Type Parameter Interface. The interface Squareinterface com- 
prises quite a large amount of methods to enable the definition of an actual 
data type parameter (a declaration). Besides, firing modes of transitions can be 
related to arc inscriptions that are described as terms over the data type specifi- 
cation. Firing modes have to be able to generate tokens from terms, and tokens 
have to be able to be compared with other tokens. From the implementation 
of these features, SquareSpecification can generate structures that correspond to 
the net type interface of the PNK. 
An actual data type parameter is implemented as a set of derived classes of
the following abstract classes contained in the package Squareinterface: 

— Token 

Here, the token structure is described (e.g. Integer, String, ...); 

— Declaration 

This class contains the declaration of variables used in arc inscriptions, and, 
if necessary, signatures, data type specifications, algebras, ... (usually imple- 
mented as lists or dictionaries); 

— Sort 

Here, the place sorts are described; 

— Mode 

Contains methods for the computation of a new valid firing mode of transi- 
tions. 

— Term 

This class describes the construction of terms over tokens. Usually, variables 
(found in the class Declaration) and simple tokens (as given in the class 
Token) are accepted as simple terms. Additionally, terms may be derived 
from a data type specification given in the class Declaration. 

Defining Net Types by Parameter Selection. Once implemented, the
parameters are accessible for a Petri Net Kernel user via a PN-Square graphical
user interface (see Figure 8). Here, the user may choose between different
combinations of actual parameters and gets a graphical editor for the concrete net
type that results from the selected combination. This graphical user interface in
combination with the realization of the Squareinterface is the tool corresponding
to the formal Petri Net Square as given in Figure 2.

In the following, we describe some of the implemented parameters and their 
combinations according to Figure 0 

The following actual Data Type Parameters are implemented and made avail- 
able via Squareinterface: 

1. Black Token 

A token is represented as a ’-string in the graphical editor. The only trivial 
firing mode allows black tokens as arc inscriptions. 

2. Simple Coloured Tokens with finite Token Colours 

Here simple high-level tokens are described, i.e. a finite number of integers. 

3. Simple Coloured Tokens with infinite Token Colours

Here simple high-level tokens are described again but potentially unbounded
according to the Python language's maximal integer.

4. Algebraic Data Type Specification

This data type parameter describes an
algebraic specification (sorts, operations, equations) and a model, i.e. an
algebra to this specification. Tokens are data elements of the algebra (see
the sample implementation of the data type parameter for the AHL net in
Example 4.1 above).

There are three actual Net Structure Parameters currently implemented and 
available to the PNK user via Squareinterface: 

PNSquare

                                      Net Structure
Data Type                             Multiset   Set   Sequence
Black Token                           1.1        1.2   1.3
simple Coloured Token (finite)        2.1        2.2   2.3
simple Coloured Token (infinite)      3.1        3.2   3.3
Algebraic Data Type Specification     4.1        4.2   4.3

Fig. 8. The PN-Square Graphical User Interface of the PNK

1. Multiset

A marking is implemented as a multiset over tokens, i.e. an element in a
multiset may occur more than once (see the sample implementation of the
net structure parameter for the AHL net in Example above).

2. Set 

A marking is implemented as a set over tokens. This means that an element 
in a set may occur only once, i.e. the insertion of an element into a set already 
containing this element fails. 

3. Sequence 

A marking is implemented as a sequence over tokens. This means that the
elements in a sequence are ordered by insertion. An element may occur more
than once. Removal of an element is possible only at the head of a sequence,
whereas insertion is realized at its tail.



Actual Parameter Combinations. An arbitrary combination of one actual
data type parameter and one actual net structure parameter results in the
specification of one Petri net type. We list the Petri net types whose
implementation is realized by combining one of the actual data type parameters
already implemented with one of the actual net structure parameters already
implemented. The numbering of our Petri net type examples corresponds to the
numbering in the PN-Square in Figure 0, where the first number refers to the
number of the corresponding data type parameter, and the second number denotes
the net structure parameter. Note that the case “FIFO” (net structure parameter
Sequence) makes sense only for the marking structure but not for the net structure.

1.1 Place/Transition Nets 

1.2 Elementary Nets 

1.3 Black-Token-FIFO Nets (which have the same behaviour as P/T Nets) 

2.1 Simple Coloured Nets (finite token number) 

2.2 Simple Coloured Nets (finite token number) without multiple tokens on each 
place, comparable to Predicate-Event Systems 

2.3 Simple Coloured Nets (finite token number) with FIFO places 

3.1 Simple Coloured Nets (infinite token number) 

3.2 Simple Coloured Nets (infinite token number) without multiple tokens on 
each place, comparable to Predicate-Event Systems 

3.3 Simple Coloured Nets (infinite token number) with FIFO places 

4.1 Algebraic High-Level Nets 

4.2 Algebraic High-Level Nets without multiple tokens on each place 

4.3 Algebraic High-Level Nets with FIFO places. 



A Generic Application for all Parameter Combinations. Using the ex- 
ample of a simulation algorithm animating the token game for one transition 
selected in the editor, we here sketch the implementation of a generic application 
which can be applied to all Petri net types that can be defined as combination 
of actual parameters, as represented in Figure El 
Listing 2. The Generic Simulator Application

    def is_activated(transition):
        mode = transition.get_Mode()
        while True:
            for arc in transition.get_Edges_in():
                if not arc.get_Source().get_current_Mark().contains(
                        mode.eval(arc.get_Inscription())):
                    break  # try next mode
            else:
                return True  # found valid mode
            if mode.exits_next():
                mode.next()
            else:
                return False  # no valid mode found

    def fire(transition):
        mode = transition.get_Mode()  # current firing mode (assumed: the one found by is_activated)
        for arc in transition.get_Edges_in():
            place = arc.get_Source()
            place.change_current_Mark(
                place.get_current_Mark().subtract(
                    mode.eval(arc.get_Inscription())))
        for arc in transition.get_Edges_out():
            place = arc.get_Target()
            place.change_current_Mark(
                place.get_current_Mark().add(
                    mode.eval(arc.get_Inscription())))




Listing 2 sketches the relevant methods of our example application and shows 
that it is relatively easy to implement. 

The simulator is initialized with one concrete Petri net of the chosen net type.
The algorithm first checks whether the selected transition is enabled or not.
A method is_activated(transition) (see Listing 2, line 1 - line 13) uses methods
from the data type parameter class Mode to compute a possible variable binding.
Then, in this mode the arc inscriptions of incoming arcs are evaluated and
compared to the tokens on places in the transition’s pre domain using attributes
from the data type parameter class Token. If a place is found which does not
contain the required marking, the next possible firing mode is computed. Having
found, at last, a firing mode under which the transition is enabled, the method
fire(transition) (see Listing 2, line 15 - line 26) executes one firing step: For
all incoming arcs, the respective marking is removed from the places in the pre
domain, and for all outgoing arcs, the respective marking is added to the places
in the post domain.

The simulator algorithm is accessible in the Petri Net Kernel GUI (see Figure
E|l via the animate button in the command line. Pressing the animate
button results in the call of the simulator method animate which computes all
enabled transitions in the net and presents them to the user. After the user has
selected one transition from the list, animate calls the method fire(transition) and
performs the firing step under the current firing mode.

This short example of a generic application gives an impression of how the
implementation of algorithms on Petri nets can be facilitated and made usable
for more than a single Petri net type.
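
The following added example (not PNK code and not part of the original chapter) runs the two methods of Listing 2 unchanged in logic over the three net structure parameters, so the difference between multiset, set and FIFO markings becomes visible. The classes Multiset, TokenSet, Sequence, Place, Arc, Mode and Transition and the helper run are hypothetical stand-ins that expose only the method names Listing 2 calls; the net and its three candidate modes are constructed.

```python
from collections import Counter

# Stand-ins for the three net structure parameters (assumed names, not PNK classes).
class Multiset:
    """1. Multiset: a token may occur more than once."""
    def __init__(self, tokens=()): self.items = Counter(tokens)
    def contains(self, tokens): return not (Counter(tokens) - self.items)
    def add(self, tokens): return Multiset(self.tokens() + list(tokens))
    def subtract(self, tokens): return Multiset((self.items - Counter(tokens)).elements())
    def tokens(self): return sorted(self.items.elements())

class TokenSet:
    """2. Set: inserting a token that is already present fails."""
    def __init__(self, tokens=()):
        self.items = set()
        for t in tokens:
            if t in self.items:
                raise ValueError("token %r already present" % (t,))
            self.items.add(t)
    def contains(self, tokens):
        tokens = list(tokens)
        return len(set(tokens)) == len(tokens) and set(tokens) <= self.items
    def add(self, tokens): return TokenSet(self.tokens() + list(tokens))
    def subtract(self, tokens): return TokenSet(self.items - set(tokens))
    def tokens(self): return sorted(self.items)

class Sequence:
    """3. Sequence: removal only at the head, insertion only at the tail."""
    def __init__(self, tokens=()): self.items = list(tokens)
    def contains(self, tokens): return self.items[:len(tokens)] == list(tokens)
    def add(self, tokens): return Sequence(self.items + list(tokens))
    def subtract(self, tokens):
        if not self.contains(tokens):
            raise ValueError("tokens are not at the head of the sequence")
        return Sequence(self.items[len(tokens):])
    def tokens(self): return list(self.items)

class Place:
    def __init__(self, mark): self.mark = mark
    def get_current_Mark(self): return self.mark
    def change_current_Mark(self, mark): self.mark = mark

class Arc:
    def __init__(self, source, target, inscription):
        self.source, self.target, self.inscription = source, target, inscription
    def get_Source(self): return self.source
    def get_Target(self): return self.target
    def get_Inscription(self): return self.inscription

class Mode:
    # Walks through candidate variable bindings (firing modes).
    def __init__(self, bindings): self.bindings, self.pos = bindings, 0
    def eval(self, inscription):
        return [self.bindings[self.pos].get(term, term) for term in inscription]
    def exits_next(self): return self.pos + 1 < len(self.bindings)
    def next(self): self.pos += 1

class Transition:
    def __init__(self, mode): self.mode, self.edges_in, self.edges_out = mode, [], []
    def get_Mode(self): return self.mode
    def get_Edges_in(self): return self.edges_in
    def get_Edges_out(self): return self.edges_out

def is_activated(transition):
    mode = transition.get_Mode()
    while True:
        for arc in transition.get_Edges_in():
            if not arc.get_Source().get_current_Mark().contains(
                    mode.eval(arc.get_Inscription())):
                break  # try next mode
        else:
            return True
        if mode.exits_next():
            mode.next()
        else:
            return False

def fire(transition):
    mode = transition.get_Mode()
    for arc in transition.get_Edges_in():
        place = arc.get_Source()
        place.change_current_Mark(
            place.get_current_Mark().subtract(mode.eval(arc.get_Inscription())))
    for arc in transition.get_Edges_out():
        place = arc.get_Target()
        place.change_current_Mark(
            place.get_current_Mark().add(mode.eval(arc.get_Inscription())))

def run(marking, pre_tokens, post_tokens=()):
    """Net p1 --x--> t --x--> p2; returns (x, p1 tokens, p2 tokens) or None."""
    p1, p2 = Place(marking(pre_tokens)), Place(marking(post_tokens))
    t = Transition(Mode([{"x": value} for value in (1, 2, 3)]))  # constructed modes
    t.edges_in.append(Arc(p1, t, ["x"]))
    t.edges_out.append(Arc(t, p2, ["x"]))
    if not is_activated(t):
        return None
    fire(t)
    return t.mode.bindings[t.mode.pos]["x"], p1.mark.tokens(), p2.mark.tokens()
```

With the tokens 3, 2, 2 on p1, the multiset marking fires under x = 2 while the FIFO marking can only fire under x = 3, the token at the head. With a set marking, firing into a place that already holds the token raises an error after the pre domain has already been changed, because is_activated inspects incoming arcs only.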

5 Conclusion and Outlook 

The basic idea of Parameterized Net Classes is to identify two parameters that
allow a complete Petri net type description, namely the net structure and the
data type formalism. In the tool infrastructure Petri Net Kernel, net types are
described intuitively, without dissolving dependencies. Therefore, we have
developed a new interface to the Petri Net Kernel that allows the integration of
the two concepts. The Petri Net Kernel now offers a graphical user interface
for modelling with Petri nets whose types are defined in correspondence
to the theory of Parameterized Net Classes. On the one hand, this work offers
a validation of a theoretical/didactical concept as a tool implementation. On the
other hand, it allows the development of generic applications for Petri net types
that implement the Squareinterface, e.g. a generic algorithm simulating the token
game.

Yet, the original PNK implementation containing the net type interface without
distinguished parameters is preserved in the PNK tool infrastructure. On the
one hand, this is for historical reasons: Existing applications relying on the “old”
net type interface are of course still supported by the PNK. On the other hand,
there are net variants that cannot yet be formalized in the theoretical framework
of Parameterized Net Classes. For instance, parameters for organizational roles
(e.g. for business process modeling) or for time have not yet been defined.
Analogously, a formalization of the net structure parameter covering inhibitor arcs
is not yet realized. Hence, future work is to define some important extensions
of Petri nets in terms of formal parameters which might be orthogonally
combined with already existing parameters.

Related work concerning the practical implementation issues has been done 
recently by the integration of the Petri Net Cube uni into the Petri Net Kernel. 
Here, the net and marking structure are treated as two separate parameters, a 
marking and a flow parameter, leading to the notion of a three-dimensional Petri 
Net Cube nq. 

The main advantage of our approach is that the implementation of formal,
orthogonal parameters as interfaces allows the definition of a new Petri net
type by selecting a combination of previously implemented actual parameters.
Thus, the gap between the theory of Parameterized Net Classes and their use
in practice is reduced: A step towards rapid prototyping based on well-founded
theoretical results has been taken.
1 Introduction

Traditional development and management of software processes is based on the idea
of centralized real world processes carried out at one location. The reason for modelling
these processes, their chronological and hierarchical order, their interrelations and
their deliverables at different levels of detail is to better understand their tasks and
dependencies [Tul95]. We call a set of hierarchically structured process models,
related via interfaces, a process landscape. Each activity of a process model belongs to
the process landscape, but can also be refined by a landscape [GW00b] again. The
predominant view onto process landscapes is a logical view, paying most attention to
logical dependencies. We develop such a landscape by applying the Process
Landscaping method [GW00a].

The globalization of companies leads to an increasing set of processes related
within a process landscape [NKF95]. Different partners carrying out parts of the
processes have varying degrees of autonomy and are distributed among different locations
[GG95]. We can deduce, therefore, that globalization makes management of
processes more and more difficult [LS99]. The logical view is no longer sufficient for
management support. The distribution of processes to different locations requires a
different view (called the locational view) onto a process landscape to analyze e.g. the
distribution itself or the communication infrastructure between distributed processes.
We call this view the locational view in order to differentiate it from the terms local view
and distributed view which are also used in the context of distributed processes: A
local view focuses on one part of a process landscape taking place at one single
location, analogously to local views on distributed systems [FKT00]. The term distributed
view is often used for locally distributed systems [TE00]. But in the context of
Process Landscaping, we could also distribute parts of a process landscape for example
with regard to different roles which are responsible for different sets of activities.
Therefore, a distributed view does not express precisely enough that we talk about
locationally distributed activities.

Derniame et al. define a view as the particular approach to a software process
conveyed by a (sub) model [DKW98]. They distinguish between models describing
activities, organizational structures, products, resources or roles. This means different
models representing different aspects of the same process landscape. Finkelstein and
Sommerville define the term in a similar way. For them "the construction of a
complex description .. involves many agents", each with "different perspectives or views
of the artefact or system" where the views are "partial or incomplete descriptions"
[FS96]. The viewpoints framework has been used and documented e.g. in [FKN92,
GMT99]. In the context of Process Landscaping the term view is used for describing a
certain perspective of the entire process landscape, just by emphasizing different
properties.

Irrespective of the point of view or the level of detail, we need a suitable formal
basis if we want to analyze properties of a process landscape. This basis should allow
us:

• to model a process landscape by following the traditional way of representing
process models and their logical interactions at different levels of refinement,

• to check properties of the given process landscape in the logical view,

• to check properties of the given process landscape in the locational view.

In this chapter we discuss a Petri net notation as a suitable formal basis fulfilling 
the requirements mentioned above. Other process modelling languages like event- 
driven process chains [KNS92], data flow diagrams or UML [omg99] do not support 
the explicit modelling of interfaces between process parts which are located at differ- 
ent sites. Additionally, verification and analysis techniques are not particularly capa- 
ble due to the less formal basis. 

For modelling the upper levels of a process landscape consisting of still complex 
activities and only key information objects, we developed PLL (Process Landscaping 
Language) as an abstract Petri net notation with a tree structure defining relations 
between activities. We denote PLL as abstract Petri net notation because we abstract 
from control flow information and do not deal with tokens or firing behaviour. The 
usage of the term abstract differs from the concept of abstract Petri nets described in 
[Pad98]. In this concept "the data type and the net structure can be considered as 
abstract parameters which can be instantiated to different concrete net classes" 
[Pad98]. 

PLL allows us to model static properties e.g. different locations, to describe re- 
quirements for communication infrastructure such as synchronous or encoded data 
interchange, to check some consistency conditions, and to analyze logical and loca- 
tional aspects. With PLL as underlying formal notation, it is, therefore, already possi- 
ble to analyze coarse-grained process landscapes. In order to analyze the more de- 
tailed levels we extend PLL to a Petri net notation (high level Petri nets with extended 
firing behaviour). In this extension we add some parameters useful for semantic 
analysis of a process landscape. 

The process of extending a PLL landscape to a Petri net landscape can be
compared to the idea of the "Petri Net Baukasten" of the research group on Petri Net
Technology [PNK99]. Places, transitions and their relations serve as common
components of all kinds of Petri net variants. Starting with PLL as rudimental kernel of a
low level Petri net we stepwise extend it to different variants of high level Petri nets
(e.g. hierarchically structured, with coloured tokens, with complex firing behaviour).
Relations between the different variants are captured by transformations, in this paper
illustrated by two functions map and glue (Section 4.1). They are essential for Petri
net based modelling and analysis of process landscapes at different levels of
abstraction. If we declared the result of each step of the extension as a special Petri net
type, we could use it as a unifying framework similar to the Common Base of the Petri
Net Baukasten. There, a basic classification of Petri nets is provided with
specialization/generalization relationships between the different Petri net types as structuring
schema.

In this chapter we discuss an example process landscape representing processes
and their relations at different levels of refinement, and discuss the logical and
locational point of view. The example deals with the visual modelling and
verification/validation of distribution and communication features in component-based
software engineering. Related work can be found e.g. in [Stö00] where software
architecture models in extended UML are mapped to Petri nets for automated analysis of
communication properties and the result is mapped back to UML syntax. For Störrle,
the architecture is a vital means of communication in the development process which
should be understandable for all stakeholders. Therefore, he uses extended UML as
graphical notation. In our approach, we abstract from information about the control
flow in order to simplify the graphical representation of the upper levels of a process
landscape. This allows us to restrict ourselves to the formal basis of Petri nets instead
of switching between different formal and informal notations.

In Section 2, we identify distribution properties of a software process landscape 
which are interesting to analyze. Section 3 discusses the key elements and the struc- 
ture of PLL as underlying formal notation for the upper levels of a process landscape. 
We also introduce the graphical representation of a process landscape modelled in 
PLL (Section 3.2). Distribution and communication properties of the software process 
landscape are analyzed in Section 3.3. The mapping to a Petri net notation is dis- 
cussed in Section 4.1. We analyze further properties of the resulting process land- 
scape in Section 4.2. Section 5 summarizes the results of the analyses and gives a 
prospect to our future research. 



2 Attributes Describing Distribution Properties 
of a Process Landscape 

One purpose of modelling a process landscape is to analyze it with respect to certain 
properties. In the following, we identify the relevant properties. 

To obtain a first overview of a process landscape, we first have to identify key
processes and the most important information the processes need, produce or
exchange. At the upper levels of the process landscape we deal with key activities like
project management, software development, and quality management and with
information objects like requirements documents, guidelines and source code. Simple
static analysis is useful for checking these upper levels. Analysis becomes more
complex when we consider the different types of information managed by different
entities in different ways at different locations. By describing these distribution features
of the different types of information as attributes of processes, information objects
and interfaces, it is possible to analyze process landscapes with respect to properties
which are considered important.

One aspect we want to analyze is the complexity and efficiency of distributed
processes. For that purpose, we need information about the locations. We have to
model where processes take place and where information objects are made persistent.
The information whether or not data is stored locally by an activity sending or
receiving it allows us to analyze the effort for keeping different representations of objects
consistent. If this effort is "high", one should check whether a central database could
be used to minimize the risk of inconsistencies due to redundancies.

We relate the property of autonomy to federated databases [SL90]. Correspondingly,
we distinguish two types of process autonomy:

• Those entities which control a database often share the data only if they retain the 
control. If, for example, the process "quality management" wants to retain the con- 
trol of a tool recommendation document for software development environments, 
although the organizational entity that develops software knows other suitable 
tools, this entity is not allowed to change the document. We call this type of auton- 
omy data autonomy. Only the controlling activity is allowed to change a docu- 
ment. 

• Operational autonomy means that an activity decides itself about the order in
which its subactivities are performed and how they are carried out. It does not have
to follow guidelines defined by a third party, but can define its own rules.
Furthermore, it does not need to inform other processes about these rules. Therefore,
activities with operational autonomy can be seen as a black box, where only the
interfaces to this activity and the incoming and outgoing information objects are
known.

Communication infrastructure can be described by communication channels which 
are associated to interfaces between processes. Communication channels describe 
how an activity sends or receives information objects, and whether it determines the 
communication infrastructure. The communication infrastructure can be based on: 

• electronic data interchange like email or sms, 

• synchronous communication infrastructure like telephone for oral information 
exchange or 

• real document interchange like letter post. 

Communication channels define whether the information exchange is 

• persistent or not persistent 

(we call an information exchange persistent, if an activity stores the information it 
receives or sends) 

• synchronous or asynchronous, 

• private or not private 

(an information exchange is called private, if an information object is sent to ex- 
actly one recipient) 

and whether information objects to be exchanged are encoded by senders and
changeable by recipients. With attributes defining persistency, synchronicity, privacy, coding
and changeability we can analyze the communication

• of a process with its whole environment (all processes related),

• between exactly two processes,

• between refined processes (more detailed communication analysis between two
processes) [Poh00].

In order to improve the process, we also want to analyze whether and how single 
activities of refined processes should be distributed in the process landscape. The so- 
called ping-pong communication is an example of such a situation. It means frequent 
exchange of information of the same type between processes with little modification 
of the exchanged information within the processes. This communication indicates that 
a refined process forwards information to another and that this information is only 
read or minimally modified before it is returned. This sort of communication may be 
the only option, but it can also indicate a situation where we should check the effi- 
ciency of distribution. Generally speaking, the ordering of activities of this type can 
be improved by internal checks before forwarding information to another activity via 
an interface. 

Summarizing the discussion about properties of process landscapes, we have identi- 
fied a set of attributes assigned to the landscape's key elements, namely activities, 
information objects and their relations to each other. 



3 Formalization and Analysis of Process Landscapes in PLL 

PLL (Process Landscaping Language) is a Petri net notation for the upper refinement 
levels of a process landscape. It is used to analyze interesting static properties like the 
communication infrastructure. The key elements and structure of PLL are explained 
in Section 3.1. In order to use PLL for modelling process landscapes, we also devel- 
oped a graphical representation which is discussed in Section 3.2. In Section 3.3 we 
analyze an example process landscape depicting component-based software develop- 
ment which has been modelled in PLL. 



3.1 PLL (Process Landscaping Language) 

The main purpose of PLL is the identification of the most important information 
objects created or used by key activities. In PLL, they are described as document 
types. We consider the relations between activities and information objects as either 
being a reading access or a writing access. These considerations lead to the following 
definition: 

A word $\omega \in PLL$ is defined as a triple $\omega = (V, D, Z)$ which is a Petri net. Elements
of $V$ are called activities, elements of $D$ are called document types, and elements of $Z$
are called (access) relations. A word $\omega \in PLL$ represents a process landscape, where

• $(v,d) \in Z$ means that activity $v \in V$ creates or writes a document of type $d \in D$,

• $(d,v) \in Z$ means that activity $v \in V$ reads a document of type $d \in D$.

For $\omega \in PLL$, $AB \subset V \times V$ describes the hierarchical composition of activities as a
tree, more formally: $(v_1,v_2) \in AB$ means that $v_1$ is refining $v_2$. We call $AB$ an activity
tree. The root $r$ of this activity tree does not denote an activity, but the process
landscape itself.

With this definition it is possible to model a process landscape, to define activities 
and document types as key elements together with their relations to each other. The 
set {v G V I 3 w G V: (v,w) g AB} denotes refined activities, leaves = {vg v|3wg 
V : (v,w) G AB } depicts activities which are not refined any further. 

We define interfaces between activities by relating one document type to two
activities, one reading and the other writing a document of that type. In PLL, an
interface is defined as

$\textit{interface}: V \times V \to \mathcal{P}(D)$ with

$\textit{interface}((v_1,v_2)) := \{d \in D \mid \exists v_1, v_2 \in V: ((v_1,d) \in Z \wedge (d,v_2) \in Z) \vee ((v_2,d) \in Z \wedge (d,v_1) \in Z)\}$

Fig. 1. Interfaces between activities

Figure 1 shows an example, where $\textit{interface}((v_1,v_2)) = \{d_1\}$, $\textit{interface}((v_1,v_3)) = \emptyset$
and interface = $\emptyset$. All document types belonging to interfaces are called
interface document types. In figure 1, $d_1$ is an interface document type, $d_2$ is not. We
refine an interface $((v_1,v_2))$ by adding further document types to interface

With the language core of PLL as defined above, we can express activities and 
document types as elements of a process landscape. We can model their relations to 
each other by defining read or write access and by defining interfaces. The refine- 
ments of activities and interfaces allow their hierarchical composition. In order to 
analyze properties of a given process landscape, we extend PLL by functions assign- 
ing different attributes to activities, document types and relations. Extensions relevant 
for process landscape analysis are discussed in the following: 

• $L$ is a set of locations and $\textit{loc}: V \to L$ is a function assigning a location $l \in L$ to an
activity $v \in V$. Based on this attribute it is possible to analyze the complexity of
distribution for a given process landscape.

• $\textit{op-aut}: Z \to \{0, 1, \text{undefined}\}$ is a function assigning either zero, one or
undefined to each relation $z \in Z$.

$\textit{op-aut}((v_1,d_1)) = 1$, $\textit{op-aut}((d_1,v_1)) = 1$ means that only activity $v_1$ defines rules
how it creates, changes or uses a document of type $d_1$ and does not have to follow
other guidelines.

$\textit{op-aut}((v_1,d_1)) = 0$, $\textit{op-aut}((d_1,v_1)) = 0$ means that activity $v_1$ may have to follow
guidelines when it creates, changes or uses a document of type $d_1$.

$\textit{op-aut}((v_1,d_1)) = \text{undefined}$, $\textit{op-aut}((d_1,v_1)) = \text{undefined}$ means that it is not yet
defined, if activity $v_1$ has to follow guidelines when creating, changing or using a
document of type $d_1$.

Function op-aut defines the operation autonomy of an activity concerning a single
document type. If for all document types $d \in \{d \mid (v_1,d) \in Z \vee (d,v_1) \in Z\}$:

1. $(v_1,d) \in Z \Rightarrow \textit{op-aut}((v_1,d)) = 1 \;\; \forall d \in \{d \mid (v_1,d) \in Z\}$ and

2. $(d,v_1) \in Z \Rightarrow \textit{op-aut}((d,v_1)) = 1 \;\; \forall d \in \{d \mid (d,v_1) \in Z\}$

then activity $v_1$ is called operation autonomous.

• $\textit{per}: Z \to \{0, 1, \text{undefined}\}$ is a function assigning either zero, one or undefined to
each relation $z \in Z$.

$\textit{per}((v_1,d_1)) = 1$, $\textit{per}((d_1,v_1)) = 1$ means that activity $v_1$ stores a document of type $d_1$
locally.

$\textit{per}((v_1,d_1)) = 0$, $\textit{per}((d_1,v_1)) = 0$ means that activity $v_1$ does not store a document
of type $d_1$ locally.

$\textit{per}((v_1,d_1)) = \text{undefined}$, $\textit{per}((d_1,v_1)) = \text{undefined}$ means that it is not yet defined,
if activity $v_1$ stores a document of type $d_1$ locally.

This attribute is important for the analysis of the effort for updates of redundant
storages.

If $|\,\textit{per}(z) = 1\,|$ with $z = (v,d)$ or $z = (d,v)$ is "high" for a specific document type,
one should consider a central database where $\textit{per}((v,d)) = 0$ and
$\textit{per}((d,v)) = 0$ for the affiliated relations.

• Let $Z' := \{(v,d) \mid (v,d) \in Z\} \subseteq Z$. $\textit{d-aut}: Z' \to \{0, 1, \text{undefined}\}$ is a function
assigning either zero, one or undefined to each relation $z \in Z$.

$\textit{d-aut}((v_1,d_1)) = 1$ means that only activity $v_1$ is allowed to change a document of
type $d_1$.

$\textit{d-aut}((v_1,d_1)) = 0$ means that activity $v_1$ is not allowed to change a document of
type $d_1$.

$\textit{d-aut}((v_1,d_1)) = \text{undefined}$ means that it is not defined, if activity $v_1$ is allowed to
change a document of type $d_1$.

Function d-aut is restricted to relations representing write access because it does
not make any sense to define an activity as data autonomous concerning a specific
document when it only has read access to it. The following condition has to hold:

$\textit{d-aut}((v_1,d_1)) = 1 \Rightarrow \forall w \in V: \textit{d-aut}((w,d_1)) = 0$

We have to check this consistency condition, if we want to prove the data
autonomy of an activity.

If for a given activity $v \in V$

1. $\textit{d-aut}((v,d)) = 1 \;\; \forall d \in D$ with $(v,d) \in Z'$

2. $\textit{per}((v,d)) = 1 \;\; \forall d \in D$ with $(v,d) \in Z'$

then activity $v$ is called data autonomous.

• $\textit{synch}: Z \to \{0, 1, \text{undefined}\}$ is a function assigning either zero, one or undefined
to each relation $z \in Z$.

$\textit{synch}((v_1,d_1)) = 1$ means that activity $v_1$ sends a document of type $d_1$ to other
activities synchronously.

$\textit{synch}((d_1,v_1)) = 1$ means that activity $v_1$ receives a document of type $d_1$ from other
activities synchronously.

$\textit{synch}((v_1,d_1)) = 0$ means that activity $v_1$ sends a document of type $d_1$ to other
activities synchronously.

$\textit{synch}((d_1,v_1)) = 0$ means that activity $v_1$ receives a document of type $d_1$ from other
activities synchronously.

$\textit{synch}((v_1,d_1)) = \text{undefined}$ means that it is not yet defined, if activity $v_1$ sends a
document of type $d_1$ to other activities synchronously.

$\textit{synch}((d_1,v_1)) = \text{undefined}$ means that it is not yet defined, if activity $v_1$ receives a
document of type $d_1$ from other activities synchronously.

This attribute has impact on the communication infrastructure between activities. 
Communication via letter post for example always has to be defined as asynchro- 
nous, whereas calling per telephone has to be defined as synchronous communica- 
tion. 

We define additional functions analogously to function synch in order to describe 
further communication attributes: 

• Function priv defines whether information exchange between activities is private 
(priv ((v,d)) = 1, priv ((d,v)) = 1) or not (priv ((v,d)) = 0, priv ((d,v)) = 0). This at- 
tribute has impact on the way how documents can be distributed among several lo- 
cations: If an activity wants to send information to others, e.g. via broadcasting, 
priv ((v,d)) has to be zero. 

• Function coded defines whether information exchange between activities is en- 
coded (coded ((v,d)) = 1, coded ((d,v)) = 1) or not (coded ((v,d)) = 0, coded ((d,v)) 
= 0). Encoding documents before sending them indicates that no other but the re- 
cipients should read the content. It also requires that decoding mechanisms are 
available at the recipient's side. If one activity encodes information before sending 
it to another location, all other activities using and storing it have to encode it 
again after decoding and using the content. This is to ensure that no activity ex- 
changes data to be encoded without encoding it before. Information is defined to 
be protected, as soon as it is encoded for the first time. 

• Function change defines whether information to be exchanged is changeable by 
the receiving / sending activity (change ((v,d)) = 1, change ((d,v)) = 1) or not 
(change ((v,d)) = 0, change ((d,v)) = 0). This attribute corresponds with the data 
autonomy of an activity: If an activity wants to retain the control concerning a spe- 
cific document not only change ((v,d)) should be one, but also the corresponding 
function d-aut ((v,d)). 
• $CC$ is a set of communication channels and $\textit{c-channel}: (Z \times Z)' \to CC$ is a function
assigning a communication channel $c \in CC$ to each tuple $(z_1, z_2) \in (Z \times Z)'$. $(Z \times Z)'$
is a subset of $Z \times Z$, where $z_1$ and $z_2$ are relations belonging to the same document
type and at least $z_1$ or $z_2$ is defined as a write access. More formally: $(Z \times Z)' \subseteq Z \times Z$
and $\forall (z_1, z_2) \in (Z \times Z)': (z_1 = (v_1, d_1) \Rightarrow z_2 = (d_1, v_2)) \wedge (z_1 = (d_1, v_1) \Rightarrow z_2 = (v_2, d_1))$.

A communication channel is called congruent, if the attribute values of relations $z_1$
and $z_2$ belonging to this channel, assigned by functions synch, priv, coded and
change, are equal in pairs: If, for example, persistency of $z_1$ is 1, it also has to be 1
for $z_2$ as precondition for a congruent communication channel. Each congruent
communication channel defines how an activity $v_1$ receives or sends a document of
type $d_1$ via an interface to another activity $v_2$. Non-congruent communication
channels are not operative, which means they are unable to initiate an information
exchange. They may occur when the underlying process landscape is modelled by
different modellers (at different locations) and can be identified by consistency
checks.

With the set of functions per, synch, priv, coded, change and c-channel we are now
able to analyze especially distribution and communication issues at the upper levels
of a process landscape. Although PLL only describes static properties like locations,
persistency and privacy, we are able to carry out some semantic analyses for
distributed process landscapes.



3.2 Graphical Notation of PLL Elements 

In this section we explain how process landscapes are graphically represented. We 
developed several graphical views in order to optimize the consideration of different 
analysis aspects. For this purpose we model a process landscape which covers parts of 
a component-based software process landscape [AF98]. Key features of this process 
landscape are that we find activities like domain engineering and component engi- 
neering on the same level [BRS98]. Figure 2 sketches the activity tree of this land- 
scape. Some activities are refined to more concrete levels than others, some details 
are omitted for the sake of a concise representation. Activities "Project Management",
"Quality Management", "Application Management", "Domain Engineering"
and "Component Engineering" form the top level of the software process landscape. 
Activity "Application Engineering", for example, is refined by a set of activities (the 
names of which all begin with "AE", thus, indicating their origin). Figure 3 illustrates 
this refinement in more detail. 

The graphical view of an activity tree abstracts from the conventional view of a 
Petri net representation, where we always consider states, transitions and relations 
between them by a bipartite graph. An activity tree shows an overview of the hierar- 
chical structure of the process landscape activities which means that only transitions 
of the underlying Petri net are depicted. 

Fig. 2. Activity tree of a software process landscape for component-based software
development

Fig. 3. Refinement of activity "Application Engineering" with interfaces indicated



As already mentioned, activities can be refined in terms of process landscapes. The 
view of an activity refinement illustrated in figure 3 for activity "Application Engi- 
neering" also does not show a conventional Petri net representation. It depicts six 
activities which are arranged on the same level of abstraction and belong to the same 
superordinated activity. States as second type of nodes in a conventional representa- 
tion and their relations to transitions are indicated by bidirectional arrows. They do 
not express any details about the information objects to be exchanged, but they indi- 
cate that there is an information exchange between the related activities. Figure 3 
shows, for example, that "AE_Requirements Analysis" and "AE_Architectural De- 
sign" are related via an interface. 

Sometimes, further information about interfaces between activities is already 
known and has to be described. In this case we use a view of the refinement similar to 
a common Petri net representation. In the example, we assume that we already know 
some more details about activity "AE_Requirements Analysis". In its refinement 
(shown in figure 4) we recognize three activities and five document types. These 
document types specify the types of documents to be exchanged between the activi- 
ties. For example, we can recognize that "system constraints" are exchanged between 
activities "AE_Feasibility Study" and "AE_Business Process Modelling". Moreover, 
we recognize two document types which appear as open ends in figure 4. They indi- 
cate where commitments with other activities in the process landscape are pending. In 
other words, documents of types "requirements document" and "process models" are 
provided for other activities, not covered by the refinement of "AE_Requirements 
Analysis". The indication of data flow by modelling an arrow without connecting it 
with the affiliated activity distinguishes this refinement view from common Petri net 
representations. 

Despite the more activity-driven representations of PLL (as shown in figures 3 and
4) it may be useful to immediately recognize which activities access documents of a
certain document type. That is why PLL supports a document-driven view. Figure 5
shows this document view for the document type "architecture specification". It
shows which activities access documents of this type without showing in detail where
in the activity tree these activities are located. The naming conventions, however,
allow a quick access to these activities in the activity tree.

[Figure 4, refinement view "//Application Engineering / AE_Requirements Analysis".
Document types shown: 1 requirements document, 2 system constraints, 3 process models,
4 use cases, 5 object collaborations]

Fig. 4. Refinement of activity "AE_Requirements Analysis"

Fig. 5. Document view of document type "architecture specification"

In comparison to a common Petri net representation, we can identify the Petri net 
structure of states, transitions and relations in figure 5. The difference is the abstrac- 
tion from control flow: we just have modelled the data flow but not the order in 
which the different activities access the architectural specification. 

Summarizing the different views introduced, we distinguish four views for the 
graphical representation of PLL elements: the activity tree, two kinds of refinement 
views (with and without document types), and the document view. The first focuses 
on the hierarchical structure of the process landscape, the following two on relations 
between activities at the same refinement level, and the last focuses on relations to a 
specific document. All views represent the same process landscape or at least parts of 
it. 

In the introduction, we also discussed the logical and the locational view of a proc- 
ess landscape. They are used for different analysis purposes. The logical view empha- 
sizes logical dependencies, and the locational view is used for example for the analy- 
sis of communication features of locally distributed activities. These two analysis- 
driven views are represented in one or more of the "illustration-driven" views. 

3.3 Analysis in PLL

We now analyze the example of a software process landscape for component-based 
software development. We focus on the properties of data autonomy, persistency and 
communication channels. For the sake of clarity, we restrict ourselves to simple examples.







Fig. 6. Data autonomy and persistency within a software process landscape 

The document view in figure 6 shows different activities associated with document 
"architecture specification". The activities take place at three different locations B, C 
and D. Some of them store the document locally, others do not. The value of the 
corresponding persistency attribute is indicated beside each relation arrow by either 
zero or one. The value of data autonomy is indicated by either y (if the value is one) 
or n (if the value is zero). If the value of this attribute is "undefined", it is not indi- 
cated. Activity "AE_Architectural Design" is the only one which keeps the document 
persistent and which is allowed to change the document simultaneously. For all 
activities at location C and D the value of data autonomy is undefined. Activity 
"AE_Component Design" has write access to the document, but the value of data 
autonomy is zero. This means, that the activity is only allowed to change the local 
copy of document "architecture specification", for example by adding remarks to the 
specification. Therefore, activity "AE_Architectural Design" retains the control of the 
document and is called data autonomous concerning "architecture specification". 

In figure 6, | per (v, "architecture specification") = 1 ∧ per ("architecture
specification", v) = 1 | with v ∈ { "AE_Architectural Design", "AE_Component Design",
"PM_Make or buy decision", "QM_Reviews"} is "high" which means that nearly all
activities store the document locally. It would be more efficient to implement a
central database at location B with read access for activities "AE_Component Design",
"PM_Make or buy decision" and "QM_Reviews" and write access for activity
"AE_Architectural Design" as responsible activity for document "architecture
specification".

Figure 7 shows a more complex overview of the process landscape for component-based
software development. Activities at different levels of refinement are arranged
according to their locations. This is indicated by dotted frames around sets of
activities. The refinement of activity "AE_Requirements Analysis" (see also figure 4) is
e.g. depicted as taking place at location A. Other activities concerning application
engineering are located at B, domain engineering and project management take place
at location C, and component engineering takes place at location D. The documents
are explained in the legend below figure 7. For the sake of clarity, they are depicted
several times in the graphical representation, although they exist only once. This
allows a better understanding of the different communication channels.




Fig. 7. Software process landscape with communication channels indicated

Legend:
 1 requirements document
 2 system constraints
 3 (domain) process landscape
 4 use cases
 5 object collaborations
 6 software code server component
 7 software code client component
 8 component specifications
 9 architectural specification
10 make or buy decision document
11 reusable components

Figure 7 shows some features of the communication infrastructure by indicating
communication between different locations (full line frames), communication
channels (dashed frames) and documents (circles) exchanged between different activities.
We restrict our discussion of communication properties to the information exchange
between locations B and D. The areas of the software process landscape participating
in this communication are shaded grey. They consist of activities concerning
application engineering (location B) and component engineering (location D). Documents
"software code server component", "software code client component" and "component
specifications" have to be exchanged via three different communication channels,
indicated by three dotted frames around the documents.

We now have a closer look at the attributes assigned to relations between locations 
B and D. Tables 1-3 depict the attribute values for the example process landscape 
concerning each relation affiliated to either document "software code server compo- 
nent", "software code client component" or "component specifications". 

Relation columns printed in bold/italic and belonging to the same document indi- 
cate a communication channel. In table 1, there is a communication channel between 
activities "AE_Component Adaption" and "CE_Development Server Component" 
exchanging document "software code server component" in both directions. Activity 
"CE_Development Server Component" also receives document "component specifi- 
cations" from activity "AE_Component Design" (see table 2). Activity 
"CE_Development Client Component" sends document "software code client compo- 
nent" to activity "AE_Integration" (table 3). 

Table 1. Relation attributes and communication channel concerning document "software code 
server component" 





               software code            AE_Component Adaption,   software code server
               server component,        software code server     component,
               AE_Integration           component                CE_Development Server
                                                                 Component

persistent     1                        1                        1
synchronous    0                        0                        0
private        undefined                1                        1
encoded        0                        1                        1
changeable     0                        1                        1



Table 1 describes a congruent communication channel between activities 
"AE_Component Adaption" and "CE_Development Server Component" because all 
attribute values fit together. Table 2 indicates a communication channel which is not 
congruent because the values of privacy and changeability are different. But "not 
congruent" does not always mean inconsistent. Privacy of the access relation from 
"CE_Development Server Component" to "component specification" is "undefined". 
Therefore, we just have to add a suitable value for this attribute. Concerning the 
changeability of this document the modeller has to decide if he can change the value 
for either the access relation of "CE_Development Server Component" or 
"AE_Component Adaption", or if he adds a transformation activity to the process 
landscape. This activity transforms document "component specifications" e.g. from a 
word-file (changeable) into a pdf-file (not changeable) and sends it to activity
"CE_Development Server Component" afterwards. 

Table 2. Relation attributes and communication channel concerning document "component 
specifications" 





               AE_Component Design,     component specifications,   component specifications,
               component                CE_Development Server       CE_Development Client
               specifications           Component                   Component

persistent     1                        1                           0
synchronous    0                        0                           0
private        1                        undefined                   undefined
encoded        1                        1                           1
changeable     1                        0                           0



Table 3. Relation attributes and communication channel concerning document "software code 
client component" 





               CE_Development Client    software code            software code client
               Component,               client component,        component,
               software code client     AE_Integration           AE_Component Adaption
               component

persistent     1                        1                        1
synchronous    undefined                undefined                0
private        1                        1                        1
encoded        1                        0                        0
changeable     1                        1                        undefined



Table 3 also shows a communication channel which is not congruent because the 
values of the coding attribute are defined differently. In this case, the modeller has to 
decide whether document "software code client component" has to be encoded or not. 
If an activity creating / writing the document requires encoding he should perhaps 
extend this requirement to all other relations. If an activity reading the document 
requires encoding, it can perhaps encode the contents after reception. 

There are many other interesting details in the tables to be analyzed. For example, 
almost all activities store the document, they are dealing with, locally. One should 
check if a central database can minimize redundancy and the effort for maintaining all 
existing copies. Not all relation combinations form a communication channel (see 
definition of function c-channel in Section 3.1). We identify eight possible
communication channels for the three documents. They all have to be checked. We have to
analyze whether they are congruent or not. In the latter case we have to consider
whether to redesign the communication channel or to refine the communication
infrastructure by adding a transformation activity. This fact indicates how complex the
communication infrastructure of a process landscape is already on the upper levels of 
refinement. 
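
The consistency check described for Tables 1-3, together with the rule from Section 3.1 that a document encoded once must stay encoded on every relation, can be automated as follows. This is an added example, not part of the original chapter: the function names and status labels are hypothetical, all five table rows are compared, and two "undefined" values are assumed to count as equal in pairs.

```python
UNDEF = None  # "undefined" in Tables 1-3
ATTRS = ("persistent", "synchronous", "private", "encoded", "changeable")

# Relation (activity, document) is a write access, (document, activity) a read
# access. Attribute tuples follow ATTRS and are transcribed from Tables 1-3.
TABLES = {
    "software code server component": {
        ("software code server component", "AE_Integration"): (1, 0, UNDEF, 0, 0),
        ("AE_Component Adaption", "software code server component"): (1, 0, 1, 1, 1),
        ("software code server component", "CE_Development Server Component"): (1, 0, 1, 1, 1),
    },
    "component specifications": {
        ("AE_Component Design", "component specifications"): (1, 0, 1, 1, 1),
        ("component specifications", "CE_Development Server Component"): (1, 0, UNDEF, 1, 0),
        ("component specifications", "CE_Development Client Component"): (0, 0, UNDEF, 1, 0),
    },
    "software code client component": {
        ("CE_Development Client Component", "software code client component"): (1, UNDEF, 1, 1, 1),
        ("software code client component", "AE_Integration"): (1, UNDEF, 1, 0, 1),
        ("software code client component", "AE_Component Adaption"): (1, 0, 1, 0, UNDEF),
    },
}


def compare(write_attrs, read_attrs):
    """Split differing attributes into real conflicts and fillable gaps."""
    conflicts, gaps = [], []
    for name, w, r in zip(ATTRS, write_attrs, read_attrs):
        if w == r:
            continue  # equal in pairs (assumption: undefined == undefined)
        if w is UNDEF or r is UNDEF:
            gaps.append(name)       # modeller only has to add a suitable value
        else:
            conflicts.append(name)  # redesign or add a transformation activity
    return conflicts, gaps


def check_channels(doc):
    """Classify every write/read pair on `doc` as a candidate channel."""
    rels = TABLES[doc]
    writers = [z for z in rels if z[1] == doc]
    readers = [z for z in rels if z[0] == doc]
    report = {}
    for w in writers:
        for r in readers:
            conflicts, gaps = compare(rels[w], rels[r])
            if conflicts:
                status = "conflict"
            elif gaps:
                status = "incomplete"
            else:
                status = "congruent"
            report[(w[0], r[1])] = (status, conflicts, gaps)
    return report


def unprotected_relations(doc):
    """Relations that handle an encoded document without encoding it."""
    rels = TABLES[doc]
    enc = ATTRS.index("encoded")
    if not any(a[enc] == 1 for a in rels.values()):
        return []  # document is never encoded, so it is not protected at all
    return sorted(z for z, a in rels.items() if a[enc] != 1)


if __name__ == "__main__":
    for doc in TABLES:
        print(doc)
        for pair, result in check_channels(doc).items():
            print("  channel", pair, "->", result)
        print("  unprotected:", unprotected_relations(doc))
```
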

But only the awareness of having a complex communication infrastructure does
not justify the effort to define all communication attributes. The benefit of modelling
communication channels and the related attributes is to express communication
features of a (given or planned) communication infrastructure in terms of simple
function values. They allow us to measure communication effort independently of
concrete data interchange media like email, letter post or telephone. This avoids the
discussion about a precise definition of what we mean by communication considering
every possible communication aspect: some people focus on the hardware they need
for communication, others on the underlying communication protocols or on some of
the attributes considered in this chapter. The advantage of reducing communication to a
small set of attributes affiliated to communication channels instead of talking about
concrete media is first to avoid misunderstandings of what we focus on when we talk
about communication. Secondly, it enables comparability of different media and
therefore allows analysis already on the upper levels of a process landscape.
Improvements can be suggested, as has been done for the example shown in figure 6,
and inconsistencies like those in tables 2 and 3 can be identified.

By now we have described how to check process landscapes at high levels of ab- 
straction. But it is also useful to investigate more detailed levels. For doing so, we 
have to relate process landscapes represented in PLL to Petri nets giving more details 
about the control flow in processes. That is why we map PLL to a Petri net notation 
(described in the following section). This mapping is accompanied by adding infor- 
mation about control flow and dynamic behaviour of processes. 



4 Formalization and Analysis of Process Landscapes 
in Petri Net Notation 

"A software process is in fact the aggregation of numerous process fragments" 
[EB95]. This statement is a suitable description for the upper levels of our software 
process landscape modelled in PLL. The aggregation in PLL is coarse-grained, be- 
cause the activity tree shows the hierarchical order of the activities, but not the con- 
trol flow in a software process. Thus, we have depicted "numerous process frag- 
ments" consisting of core activities and core information objects. In order to analyze 
the behaviour of a software process we have to connect the fragments to a coherent 
net of activities and information objects. For that purpose we model additional infor- 
mation about process sequences and control flow. 

With PLL we are not able to express and analyze dynamic features like process se- 
quences and parallelism of activities. Modelling different types and different states of 
information objects is also not possible. This leads us to the requirement of mapping 
all process landscape elements expressed in PLL to a notation supporting the model- 
ling of dynamic behaviour. In Section 4.1 we discuss the mapping of PLL elements to 
the Petri net notation as a suitable formalism. In Section 4.2 we analyze the example 
process landscape depicting component-based software development after it has been 
mapped to Petri net notation and refined. 



4.1 Mapping PLL to Petri Net Notation 

In order to model and analyze behavioural features of a process landscape we extend 
PLL to the notation of a Petri net, where a process landscape is defined as a tuple 
PL = (C,S,F) with 

• C is a set of activities

• S is a set of interfaces 

• F is a set of flow relations 

In PLL notation, each document type occurs only once. All activities reading/writing 
objects of this type are connected to it. This clearly shows, which activities depend on 
objects of which type. In order to insert information about the dynamic behaviour, 
states of objects have to be introduced. In doing so, we have to retain the data flow 
direction as defined in the process landscape. The mapping starts from the leaves of 
the PLL activity tree. Information about the hierarchical structure of a process land- 
scape is abstracted away, the result is a flat Petri net. We need three functions for the 
mapping, each considering either activities, document types or relations. More for- 
mally: 

Let Z_leaves = {(v,d) ∈ Z | v ∈ leaves} ∪ {(d,v) ∈ Z | v ∈ leaves}.

• map_v: leaves → C

This function just maps the leaves of the PLL activity tree to elements of set C,
representing activities in Petri net notation.

• map_d: D → P(S) with

1. |map_d (d)| = |{v ∈ leaves | (v,d) ∈ Z_leaves ∨ (d,v) ∈ Z_leaves}|

2. ∀ v ∈ leaves with (v,d) ∈ Z_leaves ∨ (d,v) ∈ Z_leaves: ∃ s_i ∈ S with

(v,d) ∈ Z_leaves ⇒ (map_v (v), s_i) ∈ F

(d,v) ∈ Z_leaves ⇒ (s_i, map_v (v)) ∈ F

If a document type is related to several activities, it has to be mapped to a power
set of interfaces s_i. Condition 1 ensures that we map each document of type d to an
interface s_i as often as there are relations (v,d), (d,v) ∈ Z_leaves to it. Condition 2
requires for each activity v represented in PLL notation, that its target representation
in Petri net notation is only related with an interface, which has a source
representation related to the activity in PLL before.

• map_z: Z_leaves → F and

∀ (v,d) ∈ Z_leaves ∃! (c,s) ∈ F ∧ ∀ (d,v) ∈ Z_leaves ∃! (s,c) ∈ F with c ∈ C, s ∈ S such that
map_z ((v,d)) = (c,s) ∧ map_z ((d,v)) = (s,c) with c = map_v (v) ∧ s ∈ map_d (d)

Function map_z maps each relation exactly once and such that the direction of the
target relation remains the same as it has been in PLL notation. Additionally, each
related activity and interface in Petri net notation has to have source
representations in PLL notation.

Figure 8 denotes how activities, document types and affiliated relations have to be 
mapped. In our example, activities Vj, v^ and v^ out of set leaves are mapped with 
function map_v to activities c^, c^ and c^. With function map_d, document type dj is 
mapped to interfaces s^ and s^, document type d^ is mapped to S3 and s^ (indicated by 
dotted frames and arrows). The four access relations (Vj,dj), (dj,V2), (d2,Vj) and (d3,V3) 
are mapped to four data flow relations according to function map_z with relating 
interfaces s^ and s^ both to activity c^. The result is a set of three isolated process 
fragments. Connecting them to the overall Petri net at the right places means adding
information about the succession of the modelled activities. It is task of the modeller 
to add this information and cannot be done automatically. 





Fig. 8. Mapping an activity refinement in PLL to a Petri net notation 



Merging the Petri net fragments into one Petri net is based on a function glue: S^n → S.
This function glues together some of the interfaces which result from mapping one
document type (on the PLL level) to the Petri net representation. More formally:

glue: S^n → S is applicable to s_1, ..., s_n only if ∃ d_j ∈ D : s_1, ..., s_n ∈ map_d (d_j)

Glued process fragments denote information exchange via interfaces and define 
the order in which activities are carried out. In figure 8, interfaces Sj and s^ may be 
glued together. Then they define in which order activities Cj and c^ have to be exe- 
cuted. 

One might ask why a document type is mapped to a set of interfaces first which are 
glued together again, afterwards. The reason is the missing information about process 
sequences defining the order of different activities. The edges in PLL notation repre- 
sent only document access and no temporal order of the execution of activities. This 
information is added after the mapping of the process landscape in Petri net notation. 
Thus, the edges represent control flow only after the mapping. Referring to the exam- 
ple in figure 8, interfaces s^ and s^ may also be connected by adding a sequence of 
new activities and interfaces between interfaces s^ and s^. 
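
The mapping and gluing steps of this section can be sketched in code as follows. This is an added example, not part of the original chapter: the landscape (three leaf activities, two document types, four access relations) is constructed for illustration, and the interface naming scheme and function signatures are assumptions.

```python
# Constructed sample landscape: (activity, document) is a write access,
# (document, activity) is a read access.
LEAVES = {"v1", "v2", "v3"}
Z = {("v1", "d1"), ("d1", "v2"), ("d2", "v1"), ("d2", "v3")}


def map_landscape(leaves, relations):
    """Flatten PLL leaves into a Petri net (C, S, F) plus the map_d table."""
    c = {v: "c_" + v for v in sorted(leaves)}           # map_v
    map_d, flow = {}, set()
    for src, dst in sorted(relations):
        if src in leaves:                               # write access (v, d)
            v, d, write = src, dst, True
        elif dst in leaves:                             # read access (d, v)
            v, d, write = dst, src, False
        else:
            continue                                    # relation not in Z_leaves
        s = "s_%s_%s" % (d, v)                          # one interface per related leaf
        map_d.setdefault(d, set()).add(s)               # condition 1 of map_d
        flow.add((c[v], s) if write else (s, c[v]))     # map_z keeps the direction
    interfaces = set().union(*map_d.values())
    return set(c.values()), interfaces, flow, map_d


def glue(group, merged, interfaces, flow, map_d):
    """Merge interfaces in `group`; allowed only within one document type."""
    group = set(group)
    owners = [d for d, ss in map_d.items() if group <= ss]
    if len(group) < 2 or not owners:
        raise ValueError("glue needs interfaces mapped from one document type")
    d = owners[0]

    def rename(node):
        return merged if node in group else node

    new_flow = {(rename(a), rename(b)) for a, b in flow}
    new_map_d = dict(map_d)
    new_map_d[d] = (map_d[d] - group) | {merged}
    return (interfaces - group) | {merged}, new_flow, new_map_d


if __name__ == "__main__":
    C, S, F, MAP_D = map_landscape(LEAVES, Z)
    print("isolated fragments:", sorted(F))
    S2, F2, _ = glue({"s_d1_v1", "s_d1_v2"}, "s_d1", S, F, MAP_D)
    # After gluing, c_v1 writes s_d1 and c_v2 reads it, which fixes their order.
    print("after glue:", sorted(F2))
```
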

4.2 Analysis Example of a Process Landscape in Petri Net Representation

Obviously, attributes assigned to process landscape elements in PLL can be analyzed 
after the mapping. It is even possible to carry out some powerful analyses, because 
more information about the processes is available at the level of the Petri net repre- 
sentation. To analyze additional features of the process landscape concerning e.g. the 
efficiency of activity distribution within different refinements, we define attributes for 
process sequences with external interfaces involved. In this section, we only discuss 
one distribution aspect as an example for dynamic analysis of process landscapes in 
high-level Petri net representation. Currently, we are working on example process 
landscapes for the discussion of further analysis facilities on the Petri net representa- 
tion concerning redundant storage of data at various locations and efficient use of 
telecommunication infrastructure. 

Function maxpath (Cj, Sj, s^) Z denotes the longest path within an activity re- 
finement Cj starting from one connected external interface Sj and ending with another 
external interface s^, where both interfaces connect Cj with a second activity refine- 
ment Cj. If the length of the maximum path in a refinement connecting those two 
interfaces is "short", one could assume that there are activities which are isolated from 
others. A more process-oriented way of organising a process may be useful for avoid- 
ing this sort of ping-pong communication. Thereby it may help to reduce coordina- 
tion and communication effort between different processes [GGK96]. 

Figure 9 shows another part of the process landscape for component-based soft- 
ware development, modelled with the process modelling tool LeuSmart [ade99]. The 
upper levels of the landscape have been mapped to Petri net notation, previously. 
Activities "AE_Maintenance" and "CE_Configuration Management" have been further
refined and interfaces have been glued together. Moreover, we added information
about locations of activities. This allows us to come up with the process model
representation shown in figure 9. Here we can analyze maxpath as explained above in 
the following way: 

• maxpath ("AE_Maintenance", "released sw to maintenance", "release notes") = 9 
denotes the longest path within activity "AE_Maintenance" starting at interface 
"released sw to maintenance" and ending at interface "release notes". 

• maxpath ("CE_Configuration Mgmt", "release notes", "releases software to main- 
tenance") = 5 

• maxpath ("CE_Configuration Mgmt", "released sw from maintenance", "released 
sw to maintenance") = 5 denotes the longest path within activity "Configuration 
Mgmt", which starts with reading from "released sw from maintenance" and ends 
with writing to "released sw to maintenance". In figure 9 this path is marked as 
bold path. It consists of five nodes. 

If the length of the maximum path connecting "CE_Configuration Mgmt", "released 
sw from maintenance" and "released sw to maintenance" is "short", one could assume 
that there are activities isolated from preparing data for release documents. Indeed, 
"released sw from maintenance" is only used in activity "CE_Configuration Mgmt" to 
extract data for release documents. When all release documents have been updated, 
the released software is sent back to activity "AE_Maintenance". It would be useful to 
check whether a closer integration with activities from activity "AE_Maintenance" is
possible. For this example one could suggest to extract the data relevant for release 
documentation by activity "release software" within the refinement of activity 
"AE_Maintenance" because this activity also extracts data for the release notes. 



[Figure 9 panels: AE_Maintenance at location A; CE_Configuration Mgmt at location B]

Fig. 9. Ping-pong communication between activities "AE_Maintenance" and
"CE_Configuration Mgmt"

5 Conclusion 

In this chapter we introduced PLL as a formal basis for process landscapes. This
notation allows distributed processes to be modelled at different, but high, levels of
abstraction. By incrementally adding further information about processes we reach the
level of high level Petri nets, extended by some attributes defining behavioural
properties of distributed processes. At this level we benefit from well-known Petri net
analysis facilities and we propose further analysis mechanisms which are particularly
relevant for distributed processes.

The focus of this chapter lies on different Petri net variants as formal basis of a 
process landscape. Therefore, we can compare it to the Expert View of the Petri Net 
Baukasten although it is not as detailed and sophisticated as in the Petri Net Baukas- 
ten itself. The Expert View presents formal descriptions of concepts described semi- 
formally in the Common Base [Gaj99]. We are confident that the approach of the 
Process Landscaping method, respectively its underlying formal basis shown for 
some small examples in this paper, can be extended not only to further analyses of 
distribution properties but also to a unified and simplified construction kit for the 
modelling and analysis of process landscapes. 

Our future research will be focused on tool support for PLL and on an automated
mapping support from PLL to the Petri net representation. Furthermore, we are going
to apply the Process Landscaping approach to further types of software processes,
like, e.g., processes for the development of e-business applications. By doing so, we
will be able to come up with improvement suggestions for the analysis facilities
discussed above.

Abstract. Partial algebra is a suitable tool to define sequential semantics
for arbitrary restrictions of the occurrence rule, such as capacity or
context restrictions. This paper focuses on non-sequential process semantics
of Petri nets over partial algebras. It is shown that the concept of
partial algebra is suitable as a basis for process construction of different
classes of Petri nets taking dependencies between processes that restrict
concurrent composition into consideration.

Thus, Petri nets over partial algebra provide a unifying framework for
Petri net classes in which some processes cannot be executed concurrently,
such as elementary nets with context. We will illustrate this claim
ing partial algebra and processes based on partial orders for elementary 
nets with context. Furthermore, we provide compositional process term 
semantics using the presented framework for place/transition nets with 
(both weak and strong) capacities and place/transition nets with in- 
hibitor arcs. 



1 Introduction 

Petri nets are applied in an increasing number of areas. As a consequence, nu- 
merous different variants of Petri nets have been developed, many of them based 
on the same behavioral principles but with slightly different occurrence rules. 
Examples include Petri nets extended by capacities, inhibitor arcs, read arcs or 
asymmetric synchronization of transitions. 

The restrictions of the occurrence rule can be expressed by restricting the 
set of legal markings in the case of nets with capacities or by means of different 
kinds of arcs in the case of nets with inhibitor arcs, read arcs or asymmetric 
synchronization. Whereas the definition of sequential semantics for these vari- 
ants can be obtained in a straightforward way from the occurrence rule, partial 
order semantics providing an explicit representation of concurrent transition oc- 
currences is usually constructed in an ad-hoc way. The aim of this paper is to 
present a unifying concept for generalized Petri nets, i.e. for Petri nets with 
restricted occurrence rule, to obtain non-sequential semantics in a systematic 
way. 
[Figure 1: the marking m = x + pre(t) is rewritten by x || t to the marking m' = x + post(t).]

Fig. 1. Occurrence of a transition t from a marking m to a marking m' and its
interpretation as a concurrent rewriting of the transition t and the marking x.



In 12 512 til and in CHI the authors realized that non-sequential semantics of 
elementary nets and place/transitions nets can be expressed in terms of con- 
current rewriting using partial monoids and total monoids, respectively. In such 
an algebraic approach, a transition t is understood to be an elementary rewrite 
term allowing to replace the marking pre(t) by the marking post(t). Moreover, 
any marking m is understood to be an elementary term, rewriting m by m itself. 
A single occurrence of a transition t leading from a marking m to a marking 
m' (in symbols $m \xrightarrow{t} m'$) can be understood as a concurrent composition of
the elementary term t and the elementary term corresponding to the marking
x, satisfying m = x + pre(t) and m' = x + post(t), where + denotes a suitable
operation on markings (see Figure 1). For example, in CHI + is the addition
of multi-sets of places, and hence this approach describes place/transition nets. 
The non-sequential behaviour of a net is given by a set of process terms, con- 
structed from elementary terms using operators for sequential and for concurrent 
composition, denoted by ; and ||, respectively. 

Now, assume that for some class of Petri nets a suitable operation + over the
set of markings is given such that for each transition occurrence $m \xrightarrow{t} m'$ there
exists a marking x satisfying x + pre(t) = m and x + post(t) = m'. Then the
occurrence of t at m is expressed by the term x || t. Conversely, t cannot
necessarily occur at any marking x + pre(t) but its enabledness might be restricted.
Such restrictions of the occurrence rule will be encoded by a restriction of
concurrent composition, i.e. if x + pre(t) does not enable t, then x and t are not
allowed to be composed by ||. To describe such a restriction, we use an abstract
set I of information elements together with a symmetric independence relation
on I. Every marking x as well as every transition t has attached an information 
element. A marking x and a transition t can be composed concurrently if and 
only if their respective information elements are independent. For independent 
information elements we define an operation called concurrent composition with 
the intended meaning that the information of the composed term is the compo- 
sition of the information elements of its components. Because the operation of 
concurrent composition between elementary terms and information elements is 
defined only partially, i.e. partial algebra is employed, such nets are called Petri 
nets over partial algebra [IMS]. 
Fig. 2. An elementary net with places $p_1, p_2, p_3, p_4, p_5$ and the elementary terms
corresponding to transitions. For example, transition a is enabled to occur if the places
$p_1$ and $p_5$ are marked and the place $p_3$ is unmarked. Its occurrence removes a token
from $p_1$ and $p_5$ and adds a token to $p_3$. In other words, transition a rewrites its
pre-set $pre(a) = \{p_1, p_5\}$ by its post-set $post(a) = \{p_3\}$. It has attached the information
element $\{p_1, p_3, p_5\}$, given by the union of its pre- and post-set.



For example, in the case of elementary nets, where markings are sets of 
places, we attach to a transition t as information element the union of pre(t) 
and post(t), while the information element for a marking m is the marking
m itself. Two information elements are independent if they are disjoint. The
concurrent composition of independent information elements is their union. For
an illustrating example see Figure 2.

If a restriction of the occurrence rule is encoded by means of a partial al- 
gebra of information elements, one can build non-sequential semantics of nets 
over partial algebra. This semantics is given by process terms generated from 
the elementary terms (transitions and markings) using the partial operations 
sequential composition and concurrent composition. 

Each process term has associated an initial marking, final marking and a set 
of information elements. For elementary process terms, the set of information 
elements is the one-element set containing the attached information element. 

Initial and final markings are necessary for sequential composition: Two pro- 
cess terms can be composed sequentially only if the final marking of the first 
process term coincides with the initial marking of the second one. The set of
information elements associated to the resulting process term is given by the 
union of the sets of information elements associated to the two composed terms. 

Concurrent composition of two process terms is defined only if each infor- 
mation element associated to the first process term is independent from each 
information element associated to the second. Then the initial and final marking 
of the resulting term are given by concurrent composition of the initial markings 
and of the final markings of the two terms. The set of information elements of the 
resulting process term contains the concurrent composition of each information 
element associated to the first term with each information element associated to 
the second. 

Thus, sets of information elements are employed for concurrent composition 
of terms. As already observed by Winkowski in for a process term of an 

elementary net (where information elements are markings, i.e. sets of places), 
instead of considering the set of information elements, it is sufficient to consider 
just those places which appear in at least one of the markings being information 
elements. In |0j we generalize this idea: Two sets of information elements A and
B do not have to be distinguished, if for each set of information elements C either
both A and B are independent from C¹ or both A and B are not independent
from C. Therefore, we can use any equivalence $\cong\ \subseteq 2^I \times 2^I$ that is a congruence
with respect to the operations concurrent composition and union (for sequential
composition) and satisfies: If $A \cong B$ and A is independent from C, then B is
independent from C. That means, we can use any equivalence $\cong\ \subseteq 2^I \times 2^I$ which
is a closed congruence with respect to the operations concurrent composition
and union. Equivalence classes of the greatest closed congruence represent the
minimal information assigned to process terms necessary for concurrent com- 
position. Thus, instead of sets of information elements we associate to process 
terms equivalence classes with respect to the greatest closed congruence. 

There is a strong connection between the process term semantics described 
above and the usual partial order based semantics. Consider, for example, the 
process given in Figure 3. It determines that transition a occurs before b and c,
and that transition d occurs before b. This process can be decomposed into the
sequence ac occurring at the marking $\{p_1, p_4, p_5\}$ (described by the process term
$(a; c) \parallel \{p_4\}$), followed by the sequence db occurring at the marking $\{p_1, p_4, \overline{p_5}\}$
(described by the process term $(d; b) \parallel \{p_1\}$). The resulting term is
$((a; c) \parallel \{p_4\}); ((d; b) \parallel \{p_1\})$ (see Figure 4). Another interpretation of this process is
the following: Transitions a and d occur concurrently at the marking $\{p_1, p_4, p_5\}$
replacing this marking by $\{p_2, p_3, \overline{p_5}\}$. At this marking transitions c and b occur
concurrently. The corresponding term is $(a \parallel d); (c \parallel b)$ (see Figure 5). Each
process term $\alpha$ defines a partially ordered set of events representing transition
occurrences in an obvious way: an event $e_2$ depends on another event $e_1$ if the
process term $\alpha$ contains a subterm $\alpha_1; \alpha_2$ such that $e_1$ occurs in $\alpha_1$ and $e_2$ occurs
in $\alpha_2$. For example, the process term $\alpha = ((a; c) \parallel \{p_4\}); ((d; b) \parallel \{p_1\})$ generates

¹ Two sets of information elements X and Y are independent if and only if each
information element of X is independent from each information element of Y. 
Fig. 3. The elementary net from Figure 2 with the initial marking $\{p_1, p_4, p_5\}$ together
with a process and the corresponding partial order of the occurring transitions. The
place annotated by $\overline{p_5}$ establishes an order between the occurrence of a and b, due to the
contact situation at $p_5$ after the occurrence of d. For details how to construct processes
of elementary nets with contacts see e.g. or Subsection o The interpretation of 
$\overline{p_5}$ is that $p_5$ is not marked.



the partial order given in Figure 6 while the process term $\beta = (a \parallel d); (c \parallel b)$
generates the partial order given in Figure 7.

Unfortunately not all reasonable partial orders can be generated in this way. 
For example, consider the partial order shown in Figure 3 which is determined
by the process from Figure 3. It is easy to show by induction on the structure of
process terms that this partial order cannot be generated by any process term.
However, this partial order can be constructed from the partial orders generated
by process terms $\alpha$ and $\beta$, i.e. by two possible decompositions of the process
from Figure 3, removing the contradicting connections between c and d. We will
define an equivalence of process terms identifying exactly those process terms 
Fig. 4. Derivation of a process term of the elementary net from Figure 2. Instead of
the whole set of information elements, each process term has attached only the set of
all involved places, i.e. the set of places characterizing the greatest closed congruence
class of the related set of information elements. For example, the process term a; c has
attached the information $\{p_1, p_3, p_5\}$ instead of the set of two information elements
$\{\{p_1, p_3, p_5\}, \{p_1, p_3\}\}$.



representing the same run. Then each run is represented by an equivalence class 
of process terms. 

The paper is organized as follows. Section 2 gives mathematical preliminaries.
After introducing formally our concept in Section 3 we provide a couple of
examples in Sections mni 

The first example given in Section 4 will re-formulate results achieved in
for elementary nets, showing that the information for concurrent com- 
position used in is in fact (isomorphic to) the equivalence class of the 

greatest closed congruence of the related partial algebra and therefore is the 
minimal information necessary for concurrent composition. 

Usually, if a transition depends on the state of a place, then this state is 
changed by the transition’s occurrence. We call this a write operation and the 
place a write place. Extensions with context requirements release this property: 
a transition can only occur if in addition the context places are in a certain state 
but this state remains unchanged by the transition’s occurrence (read operation). 
In 1 1 t)j elementary nets with context are defined, generalizing the notions of 
Fig. 5. Derivation of another process term of the elementary net from Figure 2.

Fig. 6. Partial order generated by the process term $\alpha = ((a; c) \parallel \{p_4\}); ((d; b) \parallel \{p_1\})$:
a ► c ► d ► b

Fig. 7. Partial order generated by the process term $\beta = (a \parallel d); (c \parallel b)$



inhibitor arcs (negative context) and read arcs (positive context). In Sections 
EHH we apply our concept to elementary nets with context. For these nets, two 
enabled transitions using common places as (positive or negative) context can 
occur concurrently if their pre- and post-sets are disjoint. Accordingly, if two 
processes do not employ common places for the flow of tokens but partly use 
the same context, then the composition of these process terms should not be 
excluded. This means that read operations on a place can occur concurrently, 
whereas mixed read and write operations as well as two write operations are 
incompatible with respect to concurrent composition, just as concurrent access 
to a storage element is only possible for read access (this interpretation of context 
places was also chosen in HH] whereas |l,‘-{|l7j allows concurrent read and write 
operations) . Hence we need information about the nature (write or read) of the 
access to places for each process term. Therefore, the necessary information is 
more complex than the simple collection of markings associated to a process. In each
case, i.e. in case of elementary nets with positive context (Section 0), negative 
context ( Section 0, and mixed context (Section U|) , the minimal information for 
concurrent composition is computed. Further, in Section 0 we prove that the 
non-sequential semantics given by process terms coincides with the partial order 
semantics given by process nets of elementary nets with context introduced in 

m- 

Section 0 illustrates the generality of our approach by applying it to two 
more net classes, namely place/transition nets with inhibitor arcs (negative con- 
text) and place/transition nets with capacities. In Subsection 19.11 we show that 
for place/transition nets with inhibitor arcs, concurrent composition of two pro- 
cesses should only be excluded if a place is a common context and write place, 
and therefore it is enough to store the set of context and the set of write places. 
Thus, the set of information is less complex (it is particularly a finite set) than 
the set of markings (which in this case is the infinite set of multi-sets over the set 
of places). We conclude by showing that our approach fits well for place/transition
nets with strong and with weak capacities (Subsection lEJ • 

2 Mathematical Preliminaries 

We use $\mathbb{N}$ to denote the nonnegative integers and $\mathbb{N}^+$ to denote the positive
integers. Given two arbitrary sets A and B, the symbol denotes the set of
all functions from A to B. Given a function f from A to B and a subset C of A
we write $f|_C$ to denote the restriction of f to the set C. The symbol $2^A$ denotes
the power set of a set A. Given a set A, the symbol |A| denotes the cardinality
of A and the symbol $id_A$ the identity on the set A. We write id to denote $id_A$
whenever A is clear from the context. The set of all multi-sets over a set A is
denoted by . Given a binary relation $R \subseteq A \times A$ over a set A, the symbol $R^+$
denotes the transitive closure of R.

A partial groupoid is an ordered tuple $\mathcal{I} = (I, dom_+, +)$ where I is a set
called the carrier of $\mathcal{I}$, $dom_+ \subseteq I \times I$ is the domain of +, and $+ : dom_+ \to I$ is
the partial operation of $\mathcal{I}$. In the rest of the paper we will consider only partial
groupoids $(I, dom_+, +)$ which fulfil the following conditions:

— If a + b is defined then b + a is defined and a + b = b + a.

— If (a + b) + c is defined then a + (b + c) is defined and (a + b) + c = a + (b + c).

We use the symbol I for a set of information elements associated to elementary
terms and the operation + to express concurrent composition of information
elements. Not each pair of process terms can be concurrently composed, hence
+ is a partial operation. The relation $dom_+$ contains the pairs of elements which
are independent and can be concurrently composed.

As explained in Introduction, generated terms have associated sets of information
elements. So, the partial groupoid $(I, dom_+, +)$ is extended to the partial
groupoid $(2^I, dom_{\{+\}}, \{+\})$, where

$$dom_{\{+\}} = \{(X, Y) \in 2^I \times 2^I \mid X \times Y \subseteq dom_+\},$$

$$X \{+\} Y = \{x + y \mid x \in X \land y \in Y\}.$$

We will use more than one partial operation on the same carrier. A partial
algebra is a set (called carrier) together with a couple of partial operations on
this set (with possibly different arity). Given a partial algebra with carrier X,
an equivalence $\sim$ on X satisfying the following conditions is a congruence: If
op is an n-ary partial operation, $a_1 \sim b_1, \ldots, a_n \sim b_n$, $(a_1, \ldots, a_n) \in dom_{op}$
and $(b_1, \ldots, b_n) \in dom_{op}$, then $op(a_1, \ldots, a_n) \sim op(b_1, \ldots, b_n)$. If moreover
$a_1 \sim b_1, \ldots, a_n \sim b_n$ and $(a_1, \ldots, a_n) \in dom_{op}$ imply $(b_1, \ldots, b_n) \in dom_{op}$ for
each n-ary partial operation then the congruence $\sim$ is said to be closed. Thus,
a congruence is an equivalence preserving all operations of a partial algebra,
while a closed congruence moreover preserves the domains of the operations.
For a given partial algebra there always exists a unique greatest closed
congruence. The intersection of two congruences is again a congruence. Given a
binary relation on X, there always exists a unique least congruence containing
this relation. In general, the same does not hold for closed congruences.
Given a partial algebra $\mathcal{X}$ with carrier X and a congruence $\sim$ on X, we write
$[x]_\sim = \{y \in X \mid x \sim y\}$ and $X/_\sim = \{[x]_\sim \mid x \in X\}$. A closed congruence $\sim$
defines the partial algebra $\mathcal{X}/_\sim$ with carrier $X/_\sim$, and with n-ary partial
operation $op/_\sim$ defined for each n-ary partial operation $op : dom_{op} \to X$ of $\mathcal{X}$ as
follows: $dom_{op/_\sim} = \{([a_1]_\sim, \ldots, [a_n]_\sim) \mid (a_1, \ldots, a_n) \in dom_{op}\}$ and, for each
$(a_1, \ldots, a_n) \in dom_{op}$, $op/_\sim([a_1]_\sim, \ldots, [a_n]_\sim) = [op(a_1, \ldots, a_n)]_\sim$. The partial
algebra $\mathcal{X}/_\sim$ is called factor algebra of $\mathcal{X}$ with respect to the congruence $\sim$.

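Let $\mathcal{X}$ be a partial algebra with k operations $op_i^{\mathcal{X}}$, $i \in \{1, \ldots, k\}$, and let $\mathcal{Y}$ be
a partial algebra with k operations $op_i^{\mathcal{Y}}$, $i \in \{1, \ldots, k\}$ such that the arity $n_i^{\mathcal{X}}$ of
$op_i^{\mathcal{X}}$ equals the arity $n_i^{\mathcal{Y}}$ of $op_i^{\mathcal{Y}}$ for every $i \in \{1, \ldots, k\}$. Denote by X the carrier of
$\mathcal{X}$ and by Y the carrier of $\mathcal{Y}$. Then a function $f : X \to Y$ is called homomorphism
if for every $i \in \{1, \ldots, k\}$ and $x_1, \ldots, x_{n_i^{\mathcal{X}}} \in X$ we have: if $op_i^{\mathcal{X}}(x_1, \ldots, x_{n_i^{\mathcal{X}}})$ is
defined then $op_i^{\mathcal{Y}}(f(x_1), \ldots, f(x_{n_i^{\mathcal{X}}}))$ is also defined and $f(op_i^{\mathcal{X}}(x_1, \ldots, x_{n_i^{\mathcal{X}}})) =
op_i^{\mathcal{Y}}(f(x_1), \ldots, f(x_{n_i^{\mathcal{X}}}))$. A homomorphism $f : X \to Y$ is called closed if for
every $i \in \{1, \ldots, k\}$ and $x_1, \ldots, x_{n_i^{\mathcal{X}}} \in X$ we have: if $op_i^{\mathcal{Y}}(f(x_1), \ldots, f(x_{n_i^{\mathcal{X}}}))$ is
defined then $op_i^{\mathcal{X}}(x_1, \ldots, x_{n_i^{\mathcal{X}}})$ is also defined. If f is a bijection, then it is called
an isomorphism, and the partial algebras $\mathcal{X}$ and $\mathcal{Y}$ are called isomorphic.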

There is a strong connection between the concepts of homomorphism and 
congruence in partial algebras: If f is a surjective (closed) homomorphism from
$\mathcal{X}$ to $\mathcal{Y}$, then the relation $\sim\ \subseteq X \times X$ defined by $a \sim b \iff f(a) = f(b)$ is a
(closed) congruence and $\mathcal{Y}$ is isomorphic to $\mathcal{X}/_\sim$. Conversely, given a (closed)
congruence $\sim$ of $\mathcal{X}$, the mapping $h : X \to X/_\sim$ given by $h(x) = [x]_\sim$ is a
surjective (closed) homomorphism. This homomorphism is called the natural
homomorphism w.r.t. $\sim$. For more details on partial algebras see e.g.

3 The General Approach 

An algebraic Petri net as introduced in |l iSj is based on a graph with vertices rep- 
resenting markings and edges labeled by transitions representing steps between 
markings. Moreover, an operator + adds markings. The set of markings together
with addition of markings denotes a commutative monoid $\mathcal{M} = (M, +)$ with
neutral element e (the empty marking). To obtain the process term semantics
of an algebraic Petri net, we assign to every marking and to every transition an
information element used for concurrent composition. Two elementary process
terms can be concurrently composed only if their associated information
elements are independent. The set of all possible information elements is denoted
by a partial groupoid $\mathcal{I} = (I, +, dom_+)$, where + denotes the composition of
independent information elements, and independence is given by the symmetric
relation $dom_+ \subseteq I \times I$.

Since we will compose process terms concurrently and process terms have
associated sets of information elements, we lift the partial groupoid $(I, +, dom_+)$
to the partial groupoid $(2^I, \{+\}, dom_{\{+\}})$.

A process term $\alpha : m_1 \to m_2$ represents a process transforming marking $m_1$ to
marking $m_2$. Process terms $\alpha : m_1 \to m_2$ and $\beta : m_3 \to m_4$ can be sequentially
composed, provided $m_2 = m_3$, resulting in $\alpha; \beta : m_1 \to m_4$. This notation
illustrates the occurrence of $\beta$ after the occurrence of $\alpha$. The set of information
elements of the sequentially composed process term is the union of the sets of
information elements of the single process terms. The process terms can also
be composed concurrently to $\alpha \parallel \beta : m_1 + m_3 \to m_2 + m_4$, provided the set of
information elements of $\alpha$ is independent from the set of information elements of
$\beta$. The set of information elements of $\alpha \parallel \beta$ contains the concurrent composition
of each element of the set of information elements of $\alpha$ with each element of the
set of information elements of $\beta$.

For sequential composition of process terms we need information about the 
start and the end of a process term, which are both single markings. For con- 
current composition, we require that the associated sets of information elements 
are independent. 

Two sets of information elements A and B do not have to be distinguished, 
if for each set of information elements C either both A and B are independent 
from C or both A and B are not independent from C. Therefore, we can use 
any equivalence $\cong\ \subseteq 2^I \times 2^I$ that is a congruence with respect to the operations
$\{+\}$ (concurrent composition) and $\cup$ (sequential composition) and satisfies
$(A \cong B \land (A, C) \in dom_{\{+\}}) \Rightarrow (B, C) \in dom_{\{+\}}$, i.e. which is a closed congruence
of the partial algebra $\mathcal{X} = (2^I, \{+\}, dom_{\{+\}}, \cup)$. The equivalence classes
of the greatest (and hence coarsest) closed congruence represent the minimal in- 
formation assigned to process terms necessary for concurrent composition. This 
congruence is unique ( 0 ). 

Definition 1 (Algebraic $(\mathcal{M}, \mathcal{I})$-net and its process term semantics).

Let $\mathcal{M} = (M, +)$ be a commutative monoid and $\mathcal{I} = (I, dom_+, +)$ be a partial
groupoid satisfying the properties defined in the previous section. Let $\cong\ \subseteq 2^I \times 2^I$
be the greatest closed congruence of the partial algebra $\mathcal{X} = (2^I, \{+\}, \cup)$.

An algebraic $(\mathcal{M}, \mathcal{I})$-net is a quadruple

$$\mathcal{A} = (M, T, pre : T \to M, post : T \to M)$$

together with a mapping $inf : M \cup T \to I$ satisfying

(a) $\forall x, y \in M : (inf(x), inf(y)) \in dom_+ \Rightarrow inf(x + y) = inf(x) + inf(y)$.

(b) $\forall t \in T : \{inf(t)\} \cong \{inf(t), inf(pre(t)), inf(post(t))\}$.

Out of an algebraic net $\mathcal{A}$ we can build process terms that represent all
abstract concurrent computations of $\mathcal{A}$. Every process term $\alpha$ has associated an
initial marking $pre(\alpha) \in M$, a final marking $post(\alpha) \in M$, and an information
for concurrent composition $Inf(\alpha) \in 2^I/_\cong$. In the following, for a process term
$\alpha$ we write $\alpha : a \to b$ to denote that a is the initial marking and b is the final
marking of $\alpha$.

The elementary process terms are

$$id_a : a \to a$$

with associated information $Inf(id_a) = [\{inf(a)\}]_\cong$ for each $a \in M$, and

$$t : pre(t) \to post(t)$$

with associated information $Inf(t) = [\{inf(t)\}]_\cong$ for each $t \in T$.

If $\alpha : a_1 \to a_2$ and $\beta : b_1 \to b_2$ are process terms satisfying
$(Inf(\alpha), Inf(\beta)) \in dom_{\{+\}/_\cong}$, their concurrent composition yields the process term

$$\alpha \parallel \beta : a_1 + b_1 \to a_2 + b_2$$

with associated information $Inf(\alpha \parallel \beta) = Inf(\alpha) \,\{+\}/_\cong\, Inf(\beta)$.

If $\alpha : a_1 \to a_2$ and $\beta : b_1 \to b_2$ are process terms satisfying
$a_2 = b_1$, their sequential composition yields the process term

$$\alpha; \beta : a_1 \to b_2$$

with associated information $Inf(\alpha; \beta) = Inf(\alpha) \cup/_\cong Inf(\beta)$.

The partial algebra of all process terms with the partial operations concurrent
composition and sequential composition as defined above will be denoted by $\mathcal{P}(\mathcal{A})$.

We consider the used factor algebra $\mathcal{X}/_\cong$ up to isomorphism. Hence one can
freely use any partial algebra isomorphic to $\mathcal{X}/_\cong$.

Requirement (a) in the previous definition means that the concurrent com- 
position of information elements attached to markings respects the concurrent 
composition of the markings. Requirement (b) means that the information about 
the initial and the final marking of a transition is already included in the infor- 
mation associated to the transition. 

As mentioned in Introduction, we now define an equivalence of process terms 
identifying exactly those process terms representing the same run. Then each 
run is represented by an equivalence class of process terms. We require this 
equivalence to preserve the concurrent composition and sequential composition 
of process terms, i.e. to be a congruence with respect to these operations. 
Definition 2 (Congruence of process terms). The congruence relation $\sim$
on the set of process terms of an algebraic $(\mathcal{M}, \mathcal{I})$-net is the least congruence on
process terms with respect to the partial operations $\parallel$ and ; given by the following
axioms for process terms $\alpha_1, \alpha_2, \alpha_3, \alpha_4$ and markings $x, y \in M$:

1. $(\alpha_1 \parallel \alpha_2) \sim (\alpha_2 \parallel \alpha_1)$, whenever $\parallel$ is defined for $\alpha_1$ and $\alpha_2$.

2. $((\alpha_1 \parallel \alpha_2) \parallel \alpha_3) \sim (\alpha_1 \parallel (\alpha_2 \parallel \alpha_3))$, whenever these terms are defined.

3. $((\alpha_1; \alpha_2); \alpha_3) \sim (\alpha_1; (\alpha_2; \alpha_3))$, whenever these terms are defined.

4. $\alpha = ((\alpha_1 \parallel \alpha_2); (\alpha_3 \parallel \alpha_4)) \sim \beta = ((\alpha_1; \alpha_3) \parallel (\alpha_2; \alpha_4))$, whenever these terms
are defined and $Inf(\alpha) = Inf(\beta)$.

5. $(\alpha; id_{post(\alpha)}) \sim \alpha \sim (id_{pre(\alpha)}; \alpha)$.

6. $id_{(x+y)} \sim (id_x \parallel id_y)$, whenever these terms are defined.

7. $\alpha \parallel id_x \sim \alpha$ whenever the left term is defined, $pre(\alpha) + x = pre(\alpha)$ and
$post(\alpha) + x = post(\alpha)$.

In the sequel we will write x to denote the elementary term $id_x$.

Proposition 1. By construction, $\alpha \sim \beta$ implies $pre(\alpha) = pre(\beta)$, $post(\alpha) =
post(\beta)$ and $Inf(\alpha) = Inf(\beta)$.

Axiom (1) represents commutativity of concurrent composition, axioms (2) 
and (3) associativity of concurrent and sequential composition. Axiom (4) states 
distributivity whenever both terms have the same information. It is also used 
in related approaches such as m- Notice that the partial order induced by 
$\beta$ is a subset of the partial order induced by $\alpha$. Therefore, the partial order
induced by $\alpha$ can be understood as a partial sequentialization of the partial
order induced by $\beta$, i.e. it is a partial sequentialization of the run represented
by the corresponding equivalence class of process terms. Axiom (5) states that 
elementary terms corresponding to elements of M are partial neutral elements 
with respect to sequential composition. Axiom (6) expresses that composition of 
these neutral elements is congruent to the neutral element constructed from their 
composition. Finally, axiom (7) states that elements of M which are neutral to 
the initial and final marking of a term are neutral to the term itself. 

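For example, the process term $((a; c) \parallel \{p_4\}); ((d; b) \parallel \{p_1\})$ of the elementary
net from Figure 2 generated in Figure 4 and the process term $(a \parallel d); (c \parallel b)$ of
the elementary net from Figure 2 generated in Figure 5 are congruent:

$$\begin{array}{rl}
 & ((a; c) \parallel \{p_4\}); ((d; b) \parallel \{p_1\}) \\
\overset{(4),(5)}{\sim} & ((a \parallel \{p_4\}); (c \parallel \{p_4\})); ((d \parallel \{p_1\}); (b \parallel \{p_1\})) \\
\overset{(1),(3),(4)}{\sim} & (a \parallel \{p_4\}); ((c; \{p_1\}) \parallel (\{p_4\}; d)); (b \parallel \{p_1\}) \\
\overset{(1),(5)}{\sim} & (a \parallel \{p_4\}); (d \parallel c); (b \parallel \{p_1\}) \\
\overset{(5)}{\sim} & (a \parallel \{p_4\}); ((d; \{p_2\}) \parallel (\{p_3\}; c)); (b \parallel \{p_1\}) \\
\overset{(4)}{\sim} & (a \parallel \{p_4\}); ((d \parallel \{p_3\}); (c \parallel \{p_2\})); (b \parallel \{p_1\}) \\
\overset{(1),(3),(4),(5)}{\sim} & (a \parallel d); (c \parallel b).
\end{array}$$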
Note that given a transition t of a $(\mathcal{M}, \mathcal{I})$-net, the elementary term t
represents the single occurrence of the transition t leading from the marking m =
pre(t) to the marking m' = post(t), and any term in the form $t \parallel x$, where
$x \in M$, represents the single occurrence of the transition t leading from the
marking m = x + pre(t) to the marking m' = x + post(t).

Despite the differences between different classes of Petri nets, there are some 
common features of almost all net classes, such as the notions of marking (state), 
transition, and occurrence rule (see our contribution |^). 

Thus, in the following definition we suppose a Petri net with a set of markings, 
a set of transitions and an occurrence rule characterizing whether a transition is 
enabled to occur at a given marking and if yes determining the follower marking. 
We suppose that the considered Petri net has no fixed initial marking. 

Definition 3 (Corresponding algebraic $(\mathcal{M}, \mathcal{I})$-net). Let N be a Petri net
with a set of markings $M_N$, and a set of transitions $T_N$. Let $m \xrightarrow{t} m'$ denote
that a transition t is enabled to occur in m and that its occurrence leads to the
follower marking m'.

Let $\mathcal{M} = (M, +)$ and $\mathcal{I} = (I, dom_+, +)$. Then an algebraic $(\mathcal{M}, \mathcal{I})$-net
$\mathcal{A} = (M, T, pre : T \to M, post : T \to M)$

together with a mapping $inf : M \cup T \to I$ is called a corresponding algebraic
$(\mathcal{M}, \mathcal{I})$-net to the net N iff:

— $\mathcal{A}$ has the same domain for markings as N, i.e. $M = M_N$,

— transitions of $\mathcal{A}$ are those transitions of N which are enabled to occur in
some marking, i.e. $T = \{t \in T_N \mid \exists m, m' \in M : m \xrightarrow{t} m'\}$, and

— the occurrence rule is preserved, i.e. $\forall m, m' \in M, t \in T : m \xrightarrow{t} m' \iff
((m = pre(t) \land m' = post(t)) \lor (\exists x \in M : (inf(x), inf(t)) \in dom_+ \land x + pre(t) =
m \land x + post(t) = m'))$.

In the following sections we construct corresponding algebraic $(\mathcal{M}, \mathcal{I})$-nets
for several classes of Petri nets using the following scenario:

— We give a classical definition of the considered net class including the
occurrence rule.

— We identify $\mathcal{M}$ and construct $\mathcal{I}$ such that the requirements from Section 2
are satisfied.

— We construct functions pre, post, inf in such a way that condition (a) from
Definition 1 is valid and that $dom_+$, the independence relation of $\mathcal{I}$, encodes
the restriction of the occurrence rule.

— We construct the greatest closed congruence $\cong$ of the partial algebra
$(2^I, dom_{\{+\}}, \{+\}, \cup)$. Then, we construct a partial algebra isomorphic to
$(2^I, dom_{\{+\}}, \{+\}, \cup)/_\cong$.

— We show that property (b) from Definition 1 is satisfied.
4 Elementary Nets

In this section we represent elementary nets as algebraic $(\mathcal{M}, \mathcal{I})$-nets.

An elementary net consists of a set of places P, a set of transitions T and 
relations between them. Places can be in different states. Transitions can occur, 
depending on the state of some places. The occurrence of a transition can change 
the state of some places. 

Definition 4 (Elementary nets). An elementary net is a triple N = (P, T, F),
where P (places) and T (transitions) are disjoint finite sets, and $F \subseteq (P \times T) \cup
(T \times P)$ is a relation (flow relation). For a transition $t \in T$, ${}^\bullet t = \{p \in P \mid
(p, t) \in F\}$ is the pre-set of t and $t^\bullet = \{p \in P \mid (t, p) \in F\}$ is the post-set of
t. Throughout the paper we assume that each transition has nonempty pre- and
post-sets.

Each subset of P is called a marking. A transition $t \in T$ is enabled to occur
in a marking $m \subseteq P$ iff ${}^\bullet t \subseteq m \land (m \setminus {}^\bullet t) \cap t^\bullet = \emptyset$. In this case, its occurrence
leads to the marking $m' = (m \setminus {}^\bullet t) \cup t^\bullet$.

As usual, places are graphically expressed by circles, transitions by boxes and 
elements of the flow relation by directed arcs. A marking of the net is represented 
by tokens in places. For an example of an elementary net see Introduction. 

The union of markings represents concurrent composition. Hence the approach
of the previous section looks as follows: $\mathcal{M} = (M, +) = (2^P, \cup)$.

The information element associated to an elementary process term consists
of the set of used places. An information element is independent from
another information element, if they are disjoint. Hence we define the set of
information elements $I = M = 2^P$ together with the independence relation
$dom_+ = \{(w, w') \in M \times M \mid w \cap w' = \emptyset\}$ and the operation $w + w' = w \cup w'$.
The partial groupoid $\mathcal{I} = (I, dom_+, +)$ respects the requirements of Section 2.

To find an $(\mathcal{M}, \mathcal{I})$-net corresponding to an elementary net N = (P, T, F), we
need to define mappings $pre, post : T \to M$ which assign an initial and final
marking to every transition, and a function $inf : M \cup T \to I$ which assigns an
information element to every marking $m \in M$ and every transition $t \in T$:

— For a transition $t \in T$, $pre(t) = {}^\bullet t$ and $post(t) = t^\bullet$.

— For a marking $m \in M$, $inf(m) = m$.

— For a transition $t \in T$, $inf(t) = {}^\bullet t \cup t^\bullet$.

It is easy to observe that the mapping inf satisfies the property (a) from
Definition 1.

The following lemma shows that the occurrence rule is encoded by $inf$ and $dom_{\dot{+}}$, as described in the Introduction.

Lemma 1. A transition $t \in T$ is enabled to occur in a marking $m$ and its occurrence leads to the marking $m'$ iff there exists a marking $x$ such that $(inf(x), inf(t)) \in dom_{\dot{+}}$, $x + pre(t) = m$ and $x + post(t) = m'$.






Jorg Desel, Gabriel Juhas, and Robert Lorenz 



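Proof. $\Rightarrow$: Choose $x = m \setminus {}^\bullet t$.

$\Leftarrow$: Assume an $x$ with $x \cap ({}^\bullet t \cup t^\bullet) = \emptyset$. Obviously, ${}^\bullet t \subseteq (x \cup {}^\bullet t)$. Furthermore we have $x = (x \cup {}^\bullet t) \setminus {}^\bullet t$ and $x \cap t^\bullet = \emptyset$. Therefore $t$ is enabled to occur in $x \cup {}^\bullet t = x + pre(t)$ and its occurrence leads to $x \cup t^\bullet = x + post(t)$. □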

To define a corresponding algebraic net and its process terms we have to find the greatest closed congruence on $(2^I, \{\dot{+}\}, dom_{\{\dot{+}\}}, \cup)$. Actually, instead of considering the set of all information elements associated with a process term, it will be enough to consider the information about all involved places of a process term. We define the mapping $supp : 2^I \to I$, $supp(A) = \bigcup_{w \in A} w$. We show that $supp$ is the natural homomorphism w.r.t. the greatest closed congruence $\cong$ on $(2^I, \{\dot{+}\}, dom_{\{\dot{+}\}}, \cup)$.

Lemma 2. The relation $\cong\ \subseteq 2^I \times 2^I$ defined by $A \cong B \iff supp(A) = supp(B)$ is a closed congruence on $(2^I, \{\dot{+}\}, dom_{\{\dot{+}\}}, \cup)$.

Proof. Straightforward observation.

Lemma 3. The closed congruence $\cong\ \subseteq 2^I \times 2^I$ is the greatest closed congruence on $(2^I, \{\dot{+}\}, dom_{\{\dot{+}\}}, \cup)$.

Proof. We show that any congruence $\approx$ such that $\cong$ is a proper subset of $\approx$ is not closed. Assume there are $A, A' \in 2^I$ such that $A \approx A'$ but $A \not\cong A'$. Then $supp(A) \neq supp(A')$.

We define a set $C \in 2^I$ such that $(A, C) \in dom_{\{\dot{+}\}}$ but $(A', C) \notin dom_{\{\dot{+}\}}$ or vice versa (which implies that $\approx$ is not closed). Denoting $supp(A) = w$ and $supp(A') = w'$ we have that $w \neq w'$.

Without loss of generality we assume $w' \setminus w \neq \emptyset$. Set $C = \{c\}$ with $c = w' \setminus w$. Then $c \cap w = \emptyset$, but $c \cap w' \neq \emptyset$, i.e. $(A, C) \in dom_{\{\dot{+}\}}$, but $(A', C) \notin dom_{\{\dot{+}\}}$. □

Taking $pre$, $post$, $inf$ defined above, we have $supp(\{inf(t)\}) = {}^\bullet t \cup t^\bullet = ({}^\bullet t \cup t^\bullet) \cup {}^\bullet t \cup t^\bullet = supp(\{inf(t), inf(pre(t)), inf(post(t))\})$, and therefore the property (b) from Definition m is satisfied. Thus, we can formulate the following theorem.

Theorem 1. Given an elementary net $N = (P, T, F)$ with $\mathcal{M}, \mathcal{I}, pre, post, inf$ as defined in this section, the quadruple $A_N = (2^P, T, pre, post)$ together with the mapping $inf$ is an algebraic $(\mathcal{M},\mathcal{I})$-net. Moreover, it is a corresponding algebraic $(\mathcal{M},\mathcal{I})$-net to the net $N$.



Remark 1. In our definition of elementary nets we use an occurrence rule which slightly differs from the standard occurrence rule as given in m Our main motivation of using the presented occurrence rule is to have a definition which is compatible with PI- The only difference is that the occurrence of a transition with non-disjoint pre- and post-set is allowed in our definition, while using the standard occurrence rule for elementary nets such transitions are never enabled to occur and therefore, according to DefinitionOl are irrelevant for a corresponding $(\mathcal{M},\mathcal{I})$-net. In other words, the corresponding $(\mathcal{M},\mathcal{I})$-net for the standard occurrence rule of an elementary net would differ from the one we presented in Theorem 1 only in the absence of transitions with non-disjoint pre- and post-set. In general, there is a more substantial difference between both occurrence rules. Namely, the occurrence rule used for elementary nets in this section corresponds in general to the occurrence rule of place/transition nets with weak capacity restrictions, while the standard occurrence rule for elementary nets corresponds in general to the occurrence rule of place/transition nets with the strong capacity restrictions. For more details on this difference we refer to the Section and to Enmni.

5 Elementary Nets with Positive Context 

In this section we represent elementary nets with positive context as algebraic $(\mathcal{M},\mathcal{I})$-nets.

Definition 5 (Elementary nets with positive context). An elementary net with positive context is a quadruple $N = (P,T,F,C_+)$, where $(P,T,F)$ is an elementary net and $C_+ \subseteq P \times T$ is a positive context relation satisfying $(F \cup F^{-1}) \cap C_+ = \emptyset$. For a transition $t$, ${}^{+}t = \{p \in P \mid (p,t) \in C_+\}$ is the positive context of $t$.

A transition $t$ is enabled to occur in a marking $m$ iff $({}^\bullet t \cup {}^{+}t) \subseteq m \wedge (m \setminus {}^\bullet t) \cap t^\bullet = \emptyset$. Its occurrence leads to the marking $m' = (m \setminus {}^\bullet t) \cup t^\bullet$.

The positive context of a transition is the set of places which are tested on presence of a token as a necessary condition for the possible occurrence of the transition. As usual, elements of the positive context relation are graphically expressed by arcs ending with a black bullet (so called read arcs). An elementary net with positive context is shown in Figure 8.

In comparison to elementary nets without context, an information element consists of two disjoint components: the set of write places and the set of positive context places. Information elements are independent, if each component of the first element is disjoint with each component of the second element except positive contexts, which may be overlapping. This reflects the fact that concurrent testing on presence of a token is allowed.

For the rest of this section, let $N = (P,T,F,C_+)$ be an elementary net with positive context.

Formally, we have $\mathcal{M} = (M,+) = (2^P,\cup)$. The set of information elements is given by $I = \{(w,p) \in 2^P \times 2^P \mid w \cap p = \emptyset\}$. The independence relation is defined by $dom_{\dot{+}} = \{((w,p),(w',p')) \mid w \cap w' = w \cap p' = w' \cap p = \emptyset\}$, and the operation $\dot{+}$ by $(w,p) \dot{+} (w',p') = (w \cup w', p \cup p')$.

$\mathcal{I} = (I, dom_{\dot{+}}, \dot{+})$ satisfies the properties defined in Section El

To define a $(\mathcal{M},\mathcal{I})$-net corresponding to the elementary net with positive context $N = (P,T,F,C_+)$, we need to define the mappings $pre, post : T \to M$ which attach an initial and final marking to every transition, and the mapping $inf : M \cup T \to I$ which assigns an information element to every marking $m \in M$ and every transition $t \in T$:

— A transition $t$ has the initial marking $pre(t) = {}^\bullet t \cup {}^{+}t$ and the final marking $post(t) = t^\bullet \cup {}^{+}t$.

— A marking $m$ carries the information $inf(m) = (\emptyset, m)$.

— A transition $t$ carries the information about the places which are contained in the pre- or post-set and about its positive context places, i.e. $inf(t) = ({}^\bullet t \cup t^\bullet, {}^{+}t)$.

Fig. 8. An example of an elementary net with positive context. Observe that ${}^\bullet a = \{p_1\}$, $a^\bullet = \{p_2\}$ and ${}^{+}a = \{p_6\}$. Therefore, transition $a$ is enabled to occur if the places $p_1$ and $p_6$ are marked and the place $p_2$ is unmarked. Its occurrence removes a token from $p_1$ and adds a token to $p_2$.

For example, transition $a$ from the net in Figure 8 has attached $pre(a) = \{p_1,p_6\}$, $post(a) = \{p_2,p_6\}$ and the information element $inf(a) = (w,p) = (\{p_1,p_2\},\{p_6\})$. Transition $c$ has attached the information element $inf(c) = (w',p') = (\{p_3,p_4\},\{p_6\})$. These information elements are independent. They have the common positive context place $p_6$, but concurrent testing on presence of a token is allowed. On the other hand, transition $e$ with information element $inf(e) = (w'',p'') = (\{p_5,p_6\},\emptyset)$ is independent neither with $a$ nor with $c$, because the write place $p_6$ of $e$ is the positive context place of both $a$ and $c$, i.e. $w'' \cap p \neq \emptyset$ as well as $w'' \cap p' \neq \emptyset$.

Property (a) from Definition Q] is valid for $(M,+)$, $\mathcal{I} = (I, dom_{\dot{+}}, \dot{+})$ and $inf$ defined above.

The following lemma shows that taking such mappings $pre$, $post$, $inf$, the partial groupoid $\mathcal{I}$ encodes the occurrence rule.

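Lemma 4. Given an elementary net with positive context, a transition $t$ is enabled to occur in a marking $m$ and its occurrence leads to the marking $m'$ iff there exists a marking $x$ such that $(inf(x),inf(t)) \in dom_{\dot{+}}$, $x + pre(t) = m$ and $x + post(t) = m'$.

Proof. $\Rightarrow$: Choosing $x = m \setminus ({}^\bullet t \cup {}^{+}t)$ we have that $(inf(x), inf(t)) \in dom_{\dot{+}}$ and $m = x + pre(t) = x \cup ({}^\bullet t \cup {}^{+}t)$. We have to show that $x + post(t)$ equals $m'$, i.e. $x \cup (t^\bullet \cup {}^{+}t) = ((x \cup ({}^\bullet t \cup {}^{+}t)) \setminus {}^\bullet t) \cup t^\bullet$. This follows from the fact that by definition of elementary nets with positive context $({}^\bullet t \cup t^\bullet) \cap {}^{+}t = \emptyset$.

$\Leftarrow$: Taking any $x$ such that $x \cap ({}^\bullet t \cup t^\bullet) = \emptyset$, we have $({}^\bullet t \cup {}^{+}t) \subseteq x \cup ({}^\bullet t \cup {}^{+}t)$. Furthermore (because of $({}^\bullet t \cup t^\bullet) \cap {}^{+}t = \emptyset$) we have $x \cup {}^{+}t = (x \cup {}^{+}t \cup {}^\bullet t) \setminus {}^\bullet t$ and $(x \cup {}^{+}t) \cap t^\bullet = \emptyset$. Therefore $t$ is enabled to occur in $x \cup ({}^\bullet t \cup {}^{+}t) = x + pre(t)$ and its occurrence leads to $x \cup (t^\bullet \cup {}^{+}t) = x + post(t)$. □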

Finally, we construct the greatest closed congruence $\cong$ of $(2^I, \{\dot{+}\}, dom_{\{\dot{+}\}}, \cup)$. Again we define a mapping $supp$ which turns out to be the natural homomorphism of this greatest closed congruence. Define two mappings $s_1, s_2 : 2^I \to 2^P$ by

$s_1(A) = \bigcup_{(w,p) \in A} w, \qquad s_2(A) = \bigcup_{(w,p) \in A} p$

and $supp : 2^I \to I$ by $supp(A) = (s_1(A), s_2(A) \setminus s_1(A))$.

Lemma 5. Let $\circ$ be the binary operation on $I$ defined by $(w,p) \circ (w',p') = (w \cup w', (p \cup p') \setminus (w \cup w'))$. Then the mapping $supp : (2^I, \{\dot{+}\}, dom_{\{\dot{+}\}}, \cup) \to (I, \dot{+}, dom_{\dot{+}}, \circ)$ is a surjective closed homomorphism.

Proof. The operation $\circ$ is well-defined because for any $x,y \in I$, we have $x \circ y \in I$.

(a) $supp$ is a homomorphism for the operations $\{\dot{+}\}$ and $\cup$ on $2^I$, because both equations $supp(A \{\dot{+}\} A') = supp(A) \dot{+} supp(A')$ (whenever both sides are defined) and $supp(A \cup A') = supp(A) \circ supp(A')$ follow directly from the properties of $\cup$.

(b) We show the closedness of $supp$, that is

$(A, A') \in dom_{\{\dot{+}\}} \iff (supp(A), supp(A')) \in dom_{\dot{+}}$

for any two $A, A' \subseteq I$. Denote $s_1(A) = w$, $s_2(A) = p$, $s_1(A') = w'$ and $s_2(A') = p'$. Then

$\forall (w,p) \in A, \forall (w',p') \in A' : w \cap w' = (w \cup w') \cap (p \cup p') = \emptyset$

$\iff w \cap w' = \emptyset \wedge (w \cup w') \cap ((p \setminus w) \cup (p' \setminus w')) = \emptyset.$

(c) The mapping $supp$ is surjective, because, for any $(w,p) \in I$, we have $supp(\{(w,p)\}) = (w,p)$.

□

Lemma 6. The closed congruence $\cong\ \subseteq 2^I \times 2^I$ defined by

$A \cong B \iff supp(A) = supp(B)$

is the greatest closed congruence on $(2^I, \{\dot{+}\}, dom_{\{\dot{+}\}}, \cup)$.

Proof. We will show that any congruence $\approx$ such that $\cong$ is a proper subset of $\approx$ is not closed. Assume there are $A, A' \in 2^I$ such that $A \approx A'$ but $A \not\cong A'$. Then $supp(A) \neq supp(A')$.

We define a set $C \in 2^I$ such that $(A, C) \in dom_{\{\dot{+}\}}$ but $(A', C) \notin dom_{\{\dot{+}\}}$ or vice versa (which implies that $\approx$ is not closed). If $supp(A) = (w,p)$ and $supp(A') = (w',p')$, then $w \cap p = w' \cap p' = \emptyset$ (by definition of $I$) and $p \neq p' \vee w \neq w'$ (since $supp(A) \neq supp(A')$).

Let $w \neq w'$. Without loss of generality we assume $w' \setminus w \neq \emptyset$. Set $C = \{(c_w, c_p)\}$ with $c_w = \emptyset$ and $c_p = w' \setminus w$. Then $c_w \cap w = c_w \cap p = c_p \cap w = \emptyset$, but $c_p \cap w' \neq \emptyset$, i.e. $(A, C) \in dom_{\{\dot{+}\}}$, but $(A', C) \notin dom_{\{\dot{+}\}}$.

Now let $w = w'$ and $p \neq p'$. Without loss of generality we assume $p' \setminus p \neq \emptyset$. Set $C = \{(c_w, c_p)\}$ with $c_w = (p' \setminus p)$ and $c_p = \emptyset$. Then $c_w \neq \emptyset$, $c_w \cap w = c_w \cap p = w \cap c_p = \emptyset$ and $c_w \cap p' \neq \emptyset$, and we are finished. □

Easy computation, using $({}^\bullet t \cup t^\bullet) \cap {}^{+}t = \emptyset$, proves condition (b) from Definition □ i.e. $supp(\{inf(t)\}) = supp(\{inf(t), inf(pre(t)), inf(post(t))\})$.

Now we are able to represent an elementary net with positive context as an algebraic $(\mathcal{M},\mathcal{I})$-net.

Theorem 2. Let $N = (P,T,F,C_+)$ be an elementary net with positive context, together with $\mathcal{M}, \mathcal{I}, pre, post, inf$ defined throughout this section. Then the quadruple $A_N = (2^P, T, pre, post)$ together with the mapping $inf$ is an algebraic $(\mathcal{M},\mathcal{I})$-net. Moreover, it is a corresponding algebraic $(\mathcal{M},\mathcal{I})$-net to $N$.



Remark 2. Taking an elementary net with empty positive context, Theorem 1 and Theorem 2 define algebraic nets $A_1$ and $A_2$ generating different sets of process terms: the set of the process terms $\mathcal{P}(A_1)$ obtained using Theorem 1 is a subset of the set of process terms $\mathcal{P}(A_2)$ obtained using Theorem 2. By Theorem 2 terms of the form $id_a \parallel id_a$ are allowed for any marking $a$. However, because we have $id_a \parallel id_a \sim id_a$, and $id_a$ belongs to $\mathcal{P}(A_1)$, the partial algebra $\mathcal{P}(A_1)/_{\sim}$ according to Theorem 1 and the partial algebra $\mathcal{P}(A_2)/_{\sim}$ according to Theorem 2 are isomorphic.

A possible process term of the net from Figure 8 is $\alpha = (e \parallel \{p_1,p_3\}); (a \parallel c); (b \parallel f \parallel d) : \{p_1,p_3,p_5\} \to \{p_1,p_3,p_5\}$ with the information $Inf(\alpha) = (\{p_1,p_2,p_3,p_4,p_5,p_6\},\emptyset)$. Observe that the place $p_6$, which is a write place of $e$ and $f$ but the positive context place of $a$ and $c$, appears as a write place of $\alpha$.

In the case of elementary nets without context we have

$\{inf(t)\} \cong \{inf(pre(t)), inf(post(t))\}$.

That means that the information of a transition can be derived from the information of its initial and final marking. However, as it is illustrated by elementary nets with positive context, this is not the general case. For elementary nets with positive context $inf(t)$ contains more detailed information. This information about the nature of places distinguishes places whose state is changed by the occurrence of a transition and those places which are only tested.

Fig. 9. An example of an elementary net with negative context. Observe that ${}^\bullet d = \{p_4\}$, $d^\bullet = \{p_2\}$ and ${}^{-}d = \{p_3\}$. Therefore, transition $d$ is enabled to occur if $p_4$ is marked and both $p_2$ and $p_3$ are unmarked. Its occurrence removes a token from $p_4$ and adds a token to $p_2$.



6 Elementary Nets with Negative Context 

In this section we represent elementary nets with negative context as algebraic $(\mathcal{M},\mathcal{I})$-nets.

Definition 6 (Elementary net with negative context). An elementary net with negative context is a quadruple $N = (P,T,F,C_-)$, where $(P,T,F)$ is an elementary net and $C_- \subseteq P \times T$ is a negative context relation satisfying $(F \cup F^{-1}) \cap C_- = \emptyset$. For a transition $t$, ${}^{-}t = \{p \in P \mid (p,t) \in C_-\}$ is the negative context of $t$.

A transition $t$ is enabled in a marking $m$ iff ${}^\bullet t \subseteq m \wedge (m \setminus {}^\bullet t) \cap ({}^{-}t \cup t^\bullet) = \emptyset$. Its occurrence leads to the marking $m' = (m \setminus {}^\bullet t) \cup t^\bullet$.

The negative context of a transition $t$ is the set of places which are tested on absence of a token for the possible occurrence of a transition. Elements of the negative context relation are graphically expressed by arcs ending with a circle (so called inhibitor arcs). Figure 9 shows an elementary net with negative context.

Similarly to elementary nets with positive context, we need information elements which consist of two disjoint components: the set of write places, and the set of negative context places. Concurrent composition of information elements is allowed if each component of the first element is disjoint with each component of the second element except negative contexts, which may be overlapping. This reflects the fact that concurrent testing on absence of a token is allowed.

Formally, we have the same algebra $\mathcal{M}$ for markings and the same partial algebra $\mathcal{I}$ for information elements as for elementary nets with positive context, and therefore requirements from Section 0 are fulfilled.

We define $pre, post$ by $pre(t) = {}^\bullet t$, $post(t) = t^\bullet$ for each $t \in T$ and $inf$ by $inf(m) = (m, \emptyset)$ for each $m \in 2^P$ and $inf(t) = ({}^\bullet t \cup t^\bullet, {}^{-}t)$ for each $t \in T$.

(Footnote: Remember that ${}^{-}t \cap {}^\bullet t = {}^{-}t \cap t^\bullet = \emptyset$ but ${}^\bullet t \cap t^\bullet$ can be nonempty.)

For example, transition $d$ from the net in Figure 9 has attached $pre(d) = \{p_4\}$, $post(d) = \{p_2\}$ and the information element $inf(d) = (w,p) = (\{p_2,p_4\},\{p_3\})$.

Property (a) from Definition ^ is fulfilled and $\mathcal{I}$ encodes the occurrence rule of the net with negative context. Moreover, property (b) from Definition ^ is preserved. So, we can formulate the following theorem.

Theorem 3. Given an elementary net with negative context $N = (P,T,F,C_-)$ together with $\mathcal{M}, \mathcal{I}, pre, post, inf$ defined in this section, the quadruple $A_N = (2^P, T, pre, post)$ together with the mapping $inf$ is a $(\mathcal{M},\mathcal{I})$-net. Moreover, it is a corresponding $(\mathcal{M},\mathcal{I})$-net to $N$.



Remark 3. For nets with positive context, idle tokens generated by an elementary process term $m$ can be concurrently composed with each other. Hence the respective places belong to the second component representing the context. However, for nets with negative context, an additional token can spoil the enabledness of a transition. So, for this class places carrying tokens generated by elementary process terms $m$ belong to the first component representing write places. This way, a concurrent composition of a process term using a place for inhibition with a process term using the same place for an (idle or moving) token is prevented.

A possible process term of the net from Figure 9 is

$(d \parallel \{p_1,p_5\}); (a \parallel \{p_2\}); (b \parallel c) : \{p_1,p_4,p_5\} \to \{p_1,p_4,p_5\}$

with information $(\{p_1,p_2,p_3,p_4,p_5\},\emptyset)$.

7 Elementary Nets with Mixed Context 

In this section we associate to an elementary net with (mixed) context an algebraic $(\mathcal{M},\mathcal{I})$-net.

Definition 7 (Elementary net with (mixed) context). An elementary net with (mixed) context is a five-tuple $N = (P,T,F,C_+,C_-)$, where $(P,T,F)$ is an elementary net, and $C_+, C_- \subseteq P \times T$ are positive and negative context relations satisfying $(F \cup F^{-1}) \cap (C_+ \cup C_-) = C_+ \cap C_- = \emptyset$. For a transition $t$, ${}^\bullet t$, $t^\bullet$, ${}^{+}t$ and ${}^{-}t$ are defined as in the previous sections.

A transition $t$ is enabled to occur in a marking $m$ iff $({}^\bullet t \cup {}^{+}t) \subseteq m \wedge (m \setminus {}^\bullet t) \cap ({}^{-}t \cup t^\bullet) = \emptyset$. Its occurrence leads to the marking $m' = (m \setminus {}^\bullet t) \cup t^\bullet$, in symbols $m \xrightarrow{t} m'$.

Figure 10 shows an elementary net with (mixed) context.

Again we have $\mathcal{M} = (M,+) = (2^P,\cup)$. An information element consists of three disjoint components: the set of write places, the set of positive context places and the set of negative context places. Information elements are independent if each component of the first element is disjoint from each component of the second element, except positive contexts (the second components) and negative contexts (the third components). This reflects the fact that concurrent testing on presence of a token as well as concurrent testing on absence of a token is allowed.

Fig. 10. An elementary net with (mixed) context.

Formally, we define the set of information elements

$I = \{(w,p,n) \in 2^P \times 2^P \times 2^P \mid w \cap p = w \cap n = p \cap n = \emptyset\}$,

together with the independence relation

$dom_{\dot{+}} = \{((w,p,n),(w',p',n')) \mid w \cap w' = w \cap (p' \cup n') = w' \cap (p \cup n) = p \cap n' = p' \cap n = \emptyset\}$,

and the operation

$(w,p,n) \dot{+} (w',p',n') = (w \cup w', p \cup p', n \cup n')$.

For $\mathcal{I} = (I, dom_{\dot{+}}, \dot{+})$ the requirements from Section[3 are fulfilled.

To define a $(\mathcal{M},\mathcal{I})$-net corresponding to an elementary net with context $N = (P,T,F,C_+,C_-)$, we need to define the mappings $pre, post : T \to M$ attaching an initial and final marking to every transition $t$, and the function $inf : M \cup T \to I$ assigning an information to every marking $m$ and every transition $t$:

— A transition $t$ has the initial marking $pre(t) = {}^\bullet t \cup {}^{+}t$ and the final marking $post(t) = t^\bullet \cup {}^{+}t$.

— A marking $m$ carries the information $inf(m) = (\emptyset, m, \emptyset)$.

— A transition $t$ carries information about write places and extra information about positive and negative context places, i.e. $inf(t) = ({}^\bullet t \cup t^\bullet, {}^{+}t, {}^{-}t)$.

For example, transition $b$ from the net in Figure 10 has attached $pre(b) = \{p_2\}$, $post(b) = \{p_1\}$ and the information element $inf(b) = (w,p,n) = (\{p_1,p_2\}, \emptyset, \{p_5\})$, while transition $g$ has attached the information element $inf(g) = (w',p',n') = (\{p_6,p_7\}, \{p_5\}, \emptyset)$. These information elements are not independent, because the negative context place $p_5$ of $b$ is the positive context place of $g$, i.e. $n \cap p' \neq \emptyset$.

The mapping inf satisfies property (a) from Definition ^ 

Similarly to Lemma 0 one can show for the functions pre, post, inf that the 
partial algebra I encodes the occurrence rule of the net with mixed context. 
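The claim can be checked mechanically on a small net. The following Python sketch is an added example, not code from the original chapter: it implements the occurrence rule of Definition 7 and the mappings $pre$, $post$, $inf$ and the independence relation of this section, then compares both descriptions of a step for every marking. The net `NET` and all function names are constructed for illustration.

```python
from itertools import combinations

# Constructed net with mixed context (not the net of any figure in the text).
# transition -> (pre-set, post-set, positive context, negative context)
PLACES = frozenset({"p1", "p2", "p3", "p4", "p5"})
NET = {
    "a": ({"p1"}, {"p2"}, {"p4"}, set()),
    "b": ({"p2"}, {"p1"}, set(), {"p5"}),
    "c": ({"p3"}, {"p4"}, set(), set()),
    "d": ({"p4", "p5"}, {"p3", "p5"}, set(), {"p1"}),  # p5 lies in pre- and post-set
}
NET = {t: tuple(frozenset(s) for s in sets) for t, sets in NET.items()}


def well_formed():
    """Definition 7: nonempty pre/post-sets, contexts disjoint from them and each other."""
    return all(pre and post and not ((pre | post) & (pos | neg)) and not (pos & neg)
               for pre, post, pos, neg in NET.values())


def powerset(s):
    items = sorted(s)
    return [frozenset(c) for r in range(len(items) + 1) for c in combinations(items, r)]


def fire(t, m):
    """Occurrence rule of Definition 7: follower marking, or None if t is not enabled."""
    pre_set, post_set, pos, neg = NET[t]
    if (pre_set | pos) <= m and not ((m - pre_set) & (neg | post_set)):
        return (m - pre_set) | post_set
    return None


def pre(t):
    return NET[t][0] | NET[t][2]      # pre-set together with positive context


def post(t):
    return NET[t][1] | NET[t][2]      # post-set together with positive context


def inf(x):
    """Information element (write, positive, negative) of a transition or a marking."""
    if isinstance(x, str):
        pre_set, post_set, pos, neg = NET[x]
        return (pre_set | post_set, pos, neg)
    return (frozenset(), frozenset(x), frozenset())


def independent(a, b):
    """Membership of (a, b) in the independence relation of this section."""
    (w, p, n), (w2, p2, n2) = a, b
    return not (w & w2 or w & (p2 | n2) or w2 & (p | n) or p & n2 or p2 & n)


def algebraic_step(t, m):
    """All m' = x + post(t) with inf(x) independent of inf(t) and x + pre(t) = m."""
    return {x | post(t) for x in powerset(m)
            if independent(inf(x), inf(t)) and x | pre(t) == m}


def encoding_mismatches():
    """Pairs (t, m) where the occurrence rule and the algebraic description disagree."""
    bad = []
    for m in powerset(PLACES):
        for t in NET:
            direct = fire(t, m)
            expected = set() if direct is None else {direct}
            if algebraic_step(t, m) != expected:
                bad.append((t, m))
    return bad


if __name__ == "__main__":
    print("well formed:", well_formed(), "mismatches:", encoding_mismatches())
```

Several markings $x$ may witness the same step, because $x$ may or may not contain places of the positive context; the follower marking is nevertheless unique.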

Again, we have to find the greatest closed congruence $\cong$ of $(2^I, \{\dot{+}\}, dom_{\{\dot{+}\}}, \cup)$. We define a mapping $supp$ which turns out to be the natural homomorphism of this greatest closed congruence.

Define three mappings $s_1, s_2, s_3 : 2^I \to 2^P$ by

$s_1(A) = \bigcup_{(w,p,n) \in A} w, \quad s_2(A) = \bigcup_{(w,p,n) \in A} p \quad$ and $\quad s_3(A) = \bigcup_{(w,p,n) \in A} n$.

Define $s : 2^I \to 2^P$ by $s(A) = s_1(A) \cup (s_2(A) \cap s_3(A))$.

Finally, define $supp : 2^I \to I$ by $supp(A) = (s(A), s_2(A) \setminus s(A), s_3(A) \setminus s(A))$.

Lemma 7. Let $\circ$ be the binary operation on $I$ defined by

$(w,p,n) \circ (w',p',n') = supp(\{(w,p,n), (w',p',n')\})$.

Then the mapping $supp : (2^I, dom_{\{\dot{+}\}}, \{\dot{+}\}, \cup) \to (I, dom_{\dot{+}}, \dot{+}, \circ)$ is a surjective closed homomorphism.

Proof. First we show the closedness of $supp$, i.e.

$(A, A') \in dom_{\{\dot{+}\}} \iff (supp(A), supp(A')) \in dom_{\dot{+}}$.

We write shortly $s_1, s_2, s_3$ and $s$ to denote $s_1(A), s_2(A), s_3(A)$ and $s(A)$ resp. $s_1', s_2', s_3'$ and $s'$ to denote $s_1(A'), s_2(A'), s_3(A')$ and $s(A')$.

$\Rightarrow$: Suppose that $(A, A') \in dom_{\{\dot{+}\}}$ but $(supp(A), supp(A')) \notin dom_{\dot{+}}$.

Case 1: $s \cap s' \neq \emptyset$, i.e. $(s_1 \cup (s_2 \cap s_3)) \cap (s_1' \cup (s_2' \cap s_3')) \neq \emptyset$.

— $s_1 \cap s_1' \neq \emptyset$ contradicts $\forall (w,p,n) \in A, (w',p',n') \in A' : w \cap w' = \emptyset$,

— $s_1 \cap (s_2' \cap s_3') \neq \emptyset$ contradicts $\forall (w,p,n) \in A, (w',p',n') \in A' : w \cap (p' \cup n') = \emptyset$,

— $(s_2 \cap s_3) \cap (s_2' \cap s_3') \neq \emptyset$ contradicts $\forall (w,p,n) \in A, (w',p',n') \in A' : p \cap n' = \emptyset$.

Case 2: $(s_2 \setminus s) \cap s' \neq \emptyset$, i.e. $(s_2 \setminus (s_1 \cup (s_2 \cap s_3))) \cap (s_1' \cup (s_2' \cap s_3')) \neq \emptyset$.

— $(s_2 \setminus (s_1 \cup (s_2 \cap s_3))) \cap s_1' \neq \emptyset$ contradicts $\forall (w,p,n) \in A, (w',p',n') \in A' : p \cap w' = \emptyset$.

— $(s_2 \setminus (s_1 \cup (s_2 \cap s_3))) \cap (s_2' \cap s_3') \neq \emptyset$ contradicts $\forall (w,p,n) \in A, (w',p',n') \in A' : p \cap n' = \emptyset$.

All remaining cases are similar.

$\Leftarrow$: Suppose that $(A, A') \notin dom_{\{\dot{+}\}}$ but $(supp(A), supp(A')) \in dom_{\dot{+}}$.

Case 1: $\exists (w,p,n) \in A, (w',p',n') \in A' : w \cap w' \neq \emptyset$ contradicts $s \cap s' = \emptyset$.

Case 2: $\exists (w,p,n) \in A, (w',p',n') \in A' : p \cap w' \neq \emptyset$:

— $(p \cap w') \cap ((\bigcup_{(x,y,z) \in A} x) \cup (\bigcup_{(x,y,z) \in A} z)) \neq \emptyset$ contradicts $s \cap s' = \emptyset$,

— $(p \cap w') \cap ((\bigcup_{(x,y,z) \in A} x) \cup (\bigcup_{(x,y,z) \in A} z)) = \emptyset$ contradicts $(s_2 \setminus s) \cap s' = \emptyset$.

All remaining cases are similar.

Now we show that $supp(A \{\dot{+}\} A') = supp(A) \dot{+} supp(A')$, whenever defined. Let $supp(A \{\dot{+}\} A') = (w,p,n)$, where $w = s_1 \cup s_1' \cup ((s_2 \cup s_2') \cap (s_3 \cup s_3'))$, $p = (s_2 \cup s_2') \setminus w$ and $n = (s_3 \cup s_3') \setminus w$. Since $(supp(A), supp(A')) \in dom_{\dot{+}}$, we have

$(s_2 \setminus s) \cap (s_3' \setminus s') = s \cap s' = (s_2' \setminus s') \cap (s_3 \setminus s) = \emptyset$, (1)

$(s_2 \setminus s) \cap s' = s \cap s' = (s_2' \setminus s') \cap s = \emptyset$. (2)

Equations (1) and (2) imply $(s_2 \cap s_3') = (s_2' \cap s_3) = \emptyset$. This gives $w = s_1 \cup (s_2 \cap s_3) \cup s_1' \cup (s_2' \cap s_3') = s \cup s'$. Together with equation (2) this gives $s_2 \cap s' = s_2' \cap s = \emptyset$. Then $p = (s_2 \setminus s) \cup (s_2' \setminus s')$. Similarly, $n = (s_3 \setminus s) \cup (s_3' \setminus s')$.

Finally, we have to show that

$supp(A \cup A') = supp(A) \circ supp(A') = supp(\{supp(A), supp(A')\})$.

We have $s = s_1 \cup (s_2 \cap s_3)$ and $s' = s_1' \cup (s_2' \cap s_3')$, and therefore

$s_1 \cup s_1' \subseteq s \cup s' \subseteq s_1 \cup s_1' \cup ((s_2 \cup s_2') \cap (s_3 \cup s_3')) = s(A \cup A')$.

Since $s(\{supp(A), supp(A')\}) = s \cup s' \cup (((s_2 \setminus s) \cup (s_2' \setminus s')) \cap ((s_3 \setminus s) \cup (s_3' \setminus s')))$, we have $s(A \cup A') = s(\{supp(A), supp(A')\})$. Similarly

$s_2(A \cup A') \setminus s(A \cup A') = s_2(\{supp(A), supp(A')\}) \setminus s(\{supp(A), supp(A')\})$

and

$s_3(A \cup A') \setminus s(A \cup A') = s_3(\{supp(A), supp(A')\}) \setminus s(\{supp(A), supp(A')\})$.

To show surjectivity, let $(w,p,n) \in I$. Then $supp(\{(w,p,n)\}) = (w,p,n)$. □
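The three properties proved above can also be confirmed by exhaustive enumeration over a small universe. The Python sketch below is an added example, not code from the original chapter; the two-place universe and all function names are constructed. It checks closedness, the homomorphism property for union, and the homomorphism property for the lifted partial operation (on nonempty independent sets) for all sets of at most two information elements.

```python
from itertools import combinations, product

PLACES = ("p", "q")   # constructed two-place universe


def info_elements(places):
    """All (w, p, n) with pairwise disjoint components: each place is in w, p, n or none."""
    return [tuple(frozenset(x for x, r in zip(places, roles) if r == k) for k in "wpn")
            for roles in product("wpn-", repeat=len(places))]


def independent(a, b):
    """Independence relation on information elements with mixed context."""
    (w, p, n), (w2, p2, n2) = a, b
    return not (w & w2 or w & (p2 | n2) or w2 & (p | n) or p & n2 or p2 & n)


def lifted_independent(A, B):
    """Independence lifted to sets: every pair of elements must be independent."""
    return all(independent(a, b) for a in A for b in B)


def plus(a, b):
    """Componentwise union of two information elements."""
    return tuple(x | y for x, y in zip(a, b))


def lifted_plus(A, B):
    return frozenset(plus(a, b) for a in A for b in B)


def supp(A):
    """supp(A) = (s(A), s2(A) minus s(A), s3(A) minus s(A)), s(A) = s1(A) + (s2(A) & s3(A))."""
    s1, s2, s3 = (frozenset().union(*(e[i] for e in A)) for i in range(3))
    s = s1 | (s2 & s3)
    return (s, s2 - s, s3 - s)


def check_lemma(max_size=2):
    """Return (number of sets examined, list of violations of the three properties)."""
    elements = info_elements(PLACES)
    subsets = [frozenset(c) for r in range(max_size + 1)
               for c in combinations(elements, r)]
    failures = []
    for A, B in product(subsets, repeat=2):
        defined = lifted_independent(A, B)
        if defined != independent(supp(A), supp(B)):
            failures.append(("closedness", A, B))
        if supp(A | B) != supp({supp(A), supp(B)}):
            failures.append(("union", A, B))
        if defined and A and B and supp(lifted_plus(A, B)) != plus(supp(A), supp(B)):
            failures.append(("plus", A, B))
    return len(subsets), failures


if __name__ == "__main__":
    count, failures = check_lemma()
    print(count, "sets examined,", len(failures), "violations")
```

A place used both as positive and as negative context inside one set ends up in the first component: `supp` of the two elements $(\emptyset,\{p\},\emptyset)$ and $(\emptyset,\emptyset,\{p\})$ is $(\{p\},\emptyset,\emptyset)$.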

Lemma 8. The closed congruence $\cong\ \subseteq 2^I \times 2^I$ defined by

$A \cong B \iff supp(A) = supp(B)$

is the greatest closed congruence on the partial algebra $\mathcal{X} = (2^I, dom_{\{\dot{+}\}}, \{\dot{+}\}, \cup)$.

Proof. Assume there is a closed congruence $\approx$ on $\mathcal{X}$ with $\cong\ \subset\ \approx$. Let $A, A' \in 2^I$ with $A \approx A'$ but $A \not\cong A'$. This means $supp(A) \neq supp(A')$. We will define a set $C \in 2^I$ with $(A, C) \in dom_{\{\dot{+}\}}$ and $(A', C) \notin dom_{\{\dot{+}\}}$ or vice versa, which contradicts the closedness of $\approx$.

Let $supp(A) = (w,p,n)$ and $supp(A') = (w',p',n')$. Then $w \neq w'$ or $p \neq p'$ or $n \neq n'$.

Assume first that $w' \setminus w \neq \emptyset$. Set $C = \{(\emptyset, w' \setminus (w \cup n), n)\}$. Clearly, $(A, C) \in dom_{\{\dot{+}\}}$. If $w' \setminus w \subseteq n$ then $w' \cap n \neq \emptyset$ and therefore $(A', C) \notin dom_{\{\dot{+}\}}$. If $w' \setminus w \not\subseteq n$ then $w' \cap (w' \setminus (w \cup n)) \neq \emptyset$ and therefore $(A', C) \notin dom_{\{\dot{+}\}}$.

Now assume $w = w'$ and $p' \setminus p \neq \emptyset$. Set $C = \{(\emptyset, \emptyset, p' \setminus p)\}$. Assume finally $w = w'$ and $n' \setminus n \neq \emptyset$. Set $C = \{(\emptyset, n' \setminus n, \emptyset)\}$. In both previous cases $(A, C) \in dom_{\{\dot{+}\}}$ but $(A', C) \notin dom_{\{\dot{+}\}}$. □

The partial algebra $(2^I, dom_{\{\dot{+}\}}, \{\dot{+}\}, \cup)/_{\cong}$ is isomorphic to the partial algebra $(I, dom_{\dot{+}}, \dot{+}, \circ)$. For elementary nets with context we only have to use one element of the set $I$ as the information of a process term. This element consists of three sets of places - the set of write places, the set of positive context places which are not write places, and the set of negative context places which are not write places.

For example, the process term $\alpha = a;(b \parallel \{p_4\}) : \{p_1,p_4\} \to \{p_1,p_4\}$ of the net in Figure 10 has the information $Inf(\alpha) = (\{p_1,p_2\},\{p_4\},\{p_5\})$ and the process term $\beta = f : \{p_4,p_6\} \to \{p_4,p_7\}$ has the information $Inf(\beta) = (\{p_6,p_7\},\{p_4\},\emptyset)$. Observe that they can be concurrently composed yielding the process term $\gamma = \alpha \parallel \beta = (a;(b \parallel \{p_4\})) \parallel f : \{p_1,p_4,p_6\} \to \{p_1,p_4,p_7\}$ with

$Inf(\gamma) = (\{p_1,p_2,p_6,p_7\},\{p_4\},\{p_5\})$.

Property (b) from Definition ^ is valid, and therefore we can give the theorem:

Theorem 4. Given an elementary net with (mixed) context $N = (P,T,F,C_+,C_-)$ together with $\mathcal{M}, \mathcal{I}, pre, post, inf$ defined in this section, the quadruple $A_N = (2^P, T, pre, post)$ together with the mapping $inf$ is an algebraic $(\mathcal{M},\mathcal{I})$-net. Moreover, it is a corresponding algebraic $(\mathcal{M},\mathcal{I})$-net to the net $N$.

Remark 4. Similarly to Remark 2, given an elementary net with negative context, the equivalence classes of process terms obtained using Theorems 3 and 4 are isomorphic.



8 Relationship between Process Terms and Processes 
of Elementary Nets with Context 

In this section we prove for elementary nets with mixed context a one-to-one correspondence between the obtained non-sequential semantics and the partial-order based semantics obtained in the usual way using process nets. Analogous results hold for elementary nets without context, for elementary nets with (only) positive context, and for elementary nets with (only) negative context.

8.1 Process Semantics of Elementary Nets with Context

In this subsection we give the definition of partial-order based process semantics of elementary nets with context as introduced in m-

We say that a marking $m'$ is reachable from a marking $m$, if $m = m'$ or if there is a finite sequence of transitions $t_1, \ldots, t_n$ such that

$m \xrightarrow{t_1} m_1 \ldots m_{n-1} \xrightarrow{t_n} m'$.

An elementary net with positive context is said to be contact-free w.r.t. an initial marking $m_0$, if for each marking $m$ reachable from $m_0$ and each transition $t$: $({}^\bullet t \cup {}^{+}t) \subseteq m \Rightarrow t^\bullet \cap m = \emptyset$.

As it is shown in m, an elementary net with mixed context can be transformed via complementation into a contact-free elementary net with positive context exhibiting the same behaviour. For technical reasons we assign complement-places (co-places) to every place. The complementation is defined as follows:

Definition 8 (Complementation). Given an elementary net with context $N = (P,T,F,C_+,C_-)$, let $P'$ be a set satisfying $|P'| = |P|$ and $P' \cap (P \cup T) = \emptyset$, and let $c : P \to P'$ be a bijection.

The complementation $\overline{N} = (\overline{P}, \overline{T}, \overline{F}, \overline{C_+})$ of $N$ is defined by

$\overline{P} = P \cup P'$,

$\overline{T} = T$,

$\overline{F} = F \cup \{(t,c(p)) \mid (p,t) \in F \wedge (t,p) \notin F\} \cup \{(c(p),t) \mid (t,p) \in F \wedge (p,t) \notin F\}$,

$\overline{C_+} = C_+ \cup \{(c(p),t) \mid (p,t) \in C_-\}$.

Given an initial marking $m_0$ of $N$, its complementation $\overline{m_0}$ is defined by $\overline{m_0} = m_0 \cup \{c(p) \mid p \in P, p \notin m_0\}$.

Given an elementary net with context $N$, the construction of $\overline{N}$ is unique up to isomorphism.

Proposition 2 (US]). Given an elementary net with context $N$ and an initial marking $m_0$ of $N$, its complementation $\overline{N}$ is contact-free w.r.t. $\overline{m_0}$.

Figure 11 shows a complementation of the net from Figure 10 w.r.t. the initial marking $\{p_1,p_3,p_6\}$. We only draw the co-places, which are necessary to express negative context places using positive context places and to obtain a contact-free net according to the given initial marking. In Figure 11 the only co-place we need to draw is p^.
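The construction of Definition 8 is short enough to execute. The Python sketch below is an added example, not code from the original chapter: it builds the complementation of a small constructed net with mixed context (no transition has a place in both its pre- and post-set), and checks for every initial marking that the complemented net has the same behaviour on complemented markings and is contact-free. The net `N`, the naming of co-places by a trailing apostrophe and all function names are assumptions made for illustration.

```python
from itertools import combinations

# Constructed net: transition -> (pre-set, post-set, positive ctx, negative ctx)
P = frozenset({"p1", "p2", "p3", "p4"})
N = {
    "a": ({"p1"}, {"p2"}, {"p3"}, set()),
    "b": ({"p2"}, {"p1"}, set(), {"p4"}),
    "c": ({"p3"}, {"p4"}, set(), {"p2"}),
    "d": ({"p4"}, {"p3"}, set(), set()),
}
N = {t: tuple(frozenset(s) for s in sets) for t, sets in N.items()}


def co(p):
    """The bijection c : P -> P' (co-place of p), here a renaming."""
    return p + "'"


def complement_net(net):
    """Definition 8: co-place arcs mirror F, negative context becomes positive on co-places."""
    out = {}
    for t, (pre, post, pos, neg) in net.items():
        out[t] = (pre | {co(p) for p in post - pre},   # (c(p), t) for (t,p) in F, (p,t) not in F
                  post | {co(p) for p in pre - post},  # (t, c(p)) for (p,t) in F, (t,p) not in F
                  pos | {co(p) for p in neg},          # (c(p), t) for (p,t) in C_-
                  frozenset())                         # no negative context remains
    return out


def complement_marking(m, places):
    return frozenset(m) | {co(p) for p in places - m}


def fire(net, t, m):
    """Occurrence rule with context: follower marking, or None if t is not enabled."""
    pre, post, pos, neg = net[t]
    if (pre | pos) <= m and not ((m - pre) & (neg | post)):
        return (m - pre) | post
    return None


def reachable(net, m0):
    seen, todo = {m0}, [m0]
    while todo:
        m = todo.pop()
        for t in net:
            m2 = fire(net, t, m)
            if m2 is not None and m2 not in seen:
                seen.add(m2)
                todo.append(m2)
    return seen


def check(m0):
    """Return (behaviour preserved, contact-free) for the complementation w.r.t. m0."""
    cn = complement_net(N)
    same = True
    for m in reachable(N, m0):
        for t in N:
            m2, cm2 = fire(N, t, m), fire(cn, t, complement_marking(m, P))
            same &= (cm2 is None) if m2 is None else (cm2 == complement_marking(m2, P))
    contact_free = all(not (cn[t][1] & m)
                       for m in reachable(cn, complement_marking(m0, P)) for t in cn
                       if (cn[t][0] | cn[t][2]) <= m)
    return same, contact_free


def check_all():
    """Run the check for every initial marking of the constructed net."""
    return all(check(frozenset(c)) == (True, True)
               for r in range(len(P) + 1) for c in combinations(sorted(P), r))


if __name__ == "__main__":
    print(complement_net(N)["b"], check_all())
```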

Definition 9 (The causality relation $\leq_N$ of an elementary net with positive context). Let $N = (P,T,F,C_+)$ be a net with positive context. Then $\leq_N$ denotes the minimal transitive and reflexive binary relation on $P \cup T$ satisfying the following conditions:

(a) $(x,y) \in F$ implies $x \leq_N y$.

(b) $(t,p) \in F$ and $(p,s) \in C_+$ implies $t \leq_N s$.

(c) $(p,t) \in C_+$ and $(p,s) \in F$ implies $t \leq_N s$.

Furthermore we define $<_N\ =\ \leq_N \setminus \{(x,x) \mid x \in P \cup T\}$. Whenever the net $N$ is clear from the context we simply write $\leq$ instead of $\leq_N$ and $<$ instead of $<_N$.

Fig. 11. The complementation of the net from Figure 10 w.r.t. the initial marking $\{p_1,p_3,p_6\}$.

The intuition behind the definition of the causality relation is that the flow relation defines causality between transitions in the usual way, i.e.:

— If a place of the post-set of a transition $t$ belongs to the pre-set of a transition $s$, then $t$ causally precedes $s$,

while the positive context relation defines causality in the following two ways:

— If an occurrence of a transition $t$ produces a token in a place $p$ and a transition $s$ tests the place $p$ on presence of a token, then transition $t$ causally precedes transition $s$.

— If a transition $t$ tests a place $p$ on the presence of a token and an occurrence of a transition $s$ removes a token from the place $p$, then transition $t$ causally precedes transition $s$.

Definition 10 (Contextual occurrence net). A contextual occurrence net is an elementary net with positive context $K = (B_K, E_K, F_K, C_K)$ such that

(a) $\leq_K$ is a partial order,

(b) $|{}^\bullet b|, |b^\bullet| \leq 1$ for all $b \in B_K$ (places are unbranched),

where ${}^\bullet b = \{e \in E_K \mid (e,b) \in F_K\}$ is the pre-set of $b$ and $b^\bullet = \{e \in E_K \mid (b,e) \in F_K\}$ is the post-set of $b$.

Fig. 12. An example of a contextual occurrence net and the underlying partial order. The contextual occurrence net together with the identity function is a process of the elementary net with context from Figure 10.

Graphically, a contextual occurrence net might have read arcs (arcs for positive context), but each place has at most one ingoing and one outgoing proper arc. Two ordered transitions are connected by a sequence of directed proper arcs (at least one) and undirected read arcs.

An example of a contextual occurrence net and the underlying partial order is shown in Figure 12.

Definition 11 (Co-set, slice). A co-set of a contextual occurrence net $K$ is a subset $S \subseteq B_K$ such that for no $a, b \in S$: $a <_K b$. A slice is a maximal co-set.

Denote ${}^\bullet K = \{b \in B_K \mid |{}^\bullet b| = 0\}$ and $K^\bullet = \{b \in B_K \mid |b^\bullet| = 0\}$.

Definition 12 (Process of a contact-free elementary net with positive context). Let $N = (P,T,F,C_+)$ be an elementary net with positive context and let $m_0 \subseteq P$ be an initial marking of $N$, such that $N$ is contact-free w.r.t. $m_0$. A process $K$ of $N$ w.r.t. $m_0$ is a five-tuple $K = (B_K, E_K, F_K, C_K, \rho_K)$, where $(B_K, E_K, F_K, C_K)$ is a contextual occurrence net and $\rho_K : B_K \cup E_K \to P \cup T$ is a mapping satisfying

(a) $\rho_K({}^\bullet K) = m_0$,

(b) $\rho_K|_D$ is injective for every slice $D$ of $K$,

(c) $\rho_K(D)$ is reachable from $m_0$ for every slice $D$ of $K$,

(d) For each $e \in E_K$: $\rho({}^\bullet e) = {}^\bullet(\rho(e))$, $\rho(e^\bullet) = (\rho(e))^\bullet$ and $\rho({}^{+}e) = {}^{+}(\rho(e))$.

Given a process $K = (B_K, E_K, F_K, C_K, \rho_K)$ of a contact-free elementary net with positive context $N$ (w.r.t. an initial marking $m_0$) and a set $A$ of isolated places of $K$ (i.e. $\forall b \in A, e \in E_K : b \notin {}^\bullet e \cup e^\bullet \cup {}^{+}e$) we have that $(B_K \setminus A, E_K, F_K, C_K, \rho_K|_{(B_K \setminus A) \cup E_K})$ is a process of $N$ (w.r.t. the initial marking $m_0' = m_0 \setminus \rho_K(A)$). In other words, after removing isolated places from a process of $N$ we still have a process of $N$.

For technical reasons, we assume that processes contain no isolated places which are mapped to co-places.

Definition 13 (Process of an elementary net with (mixed) context). 

Let N = {P,T, E,C+,C-) be an elementary net with context, mo be an ini- 
tial marking of N, N = {P,T,F,C+) be the complementation of N and K = 
{Bk , Ek, Fk,Ck, Pk) be a process of N w.r.t. the initial marking rnd. De- 
note by BfQQ = {b G Bk \ PK{b) ^ P A (Ve G Ek ■ b ^ *e U e* U ~^e)} 
the set of all isolated places of K which are mapped to co-places of N . Then 
{Bk \ Dfco’^K,FK,CK,PK\(BK\BfcoCEK) “ZZed a process of N w.r.t. an 
initial marking mo. 

Let P{N,m) be the set of all processes of N w.r.t. an initial marking m. By 
nm = V{N,m) we denote the set of all processes of N . 

The contextual occurrence net in Figure fT^ together with the identity func- 
tion is a process of the elementary net with context from Figure cni 

Processes $K_1 = (B_1, E_1, F_1, C_1, \rho_1)$ and $K_2 = (B_2, E_2, F_2, C_2, \rho_2)$ are isomorphic
(in symbols $K_1 \simeq K_2$) iff there exist bijections $\gamma : B_1 \to B_2$, $\delta : E_1 \to E_2$
such that $\forall b \in B_1, e \in E_1$:

$(b,e) \in F_1 \iff (\gamma(b), \delta(e)) \in F_2$,

$(e,b) \in F_1 \iff (\delta(e), \gamma(b)) \in F_2$,

$(b,e) \in C_1 \iff (\gamma(b), \delta(e)) \in C_2$,

$\rho_1(b) = \rho_2(\gamma(b))$, $\rho_1(e) = \rho_2(\delta(e))$.



8.2 Compositionality of Processes 

In this section we show how processes of elementary nets with context can be 
concurrently and sequentially composed. The results are similar to those given 
for elementary nets without context in [ 2512 tij (sequential composition is due to 

PI). 

Let N = {P,T, F,C+,C-) be an elementary net with context, let N = 
{P, T, F, C+) be its complementation, and let c denote the bijection associating 
co-places to places from P. 

For a process $K = (B_K, E_K, F_K, C_K, \rho_K)$ of N, we define:

— ${}^\diamond K$ as the set of write places of $K$ mapped by $\rho$ to places of $N$, formally

${}^\diamond K = \{b \in B_K \mid \rho_K(b) \in P \wedge (\exists e \in E_K : b \in {}^\bullet e \cup e^\bullet)\}$,

— ${}^+K$ as the set of positive context places of $K$, which do not correspond to
negative context places of $N$ and are not write places of $K$, formally

${}^+K = \{b \in B_K \mid \rho_K(b) \in P \wedge (\forall e \in E_K : b \notin {}^\bullet e \cup e^\bullet)\}$,

— and ${}^-K$ as the set of places, which correspond to negative context places of
$N$ and are not write places of $K$, formally

${}^-K = \{b \in B_K \mid \rho_K(b) \notin P \wedge (\forall e \in E_K : b \notin {}^\bullet e \cup e^\bullet)\}$.

We now define elementary processes w.r.t. markings and transitions of N. 

Definition 14 (Elementary process associated to a marking). Let $m \subseteq P$
be a marking of $N$. Then the process

$K(m) = (m, \emptyset, \emptyset, \emptyset, id_m)$

of N is called elementary process associated to $m$.

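Definition 15 (Elementary process associated to a transition). Let $t \in T$
be a transition of $N$. Then the process $K(t)$ of net N defined by

$K(t) = ({}^\bullet t \cup t^\bullet \cup {}^+t, \{t\}, ({}^\bullet t \times \{t\}) \cup (\{t\} \times t^\bullet), {}^+t \times \{t\}, id_{{}^\bullet t \cup t^\bullet \cup {}^+t \cup \{t\}})$,

where ${}^\bullet t$, $t^\bullet$ and ${}^+t$ are defined w.r.t. N, is called elementary process associated
to $t$.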

Processes can be composed concurrently and sequentially: 

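Proposition 3. Let $c$ be the bijection associating co-places to places of $N$ and
$c^{-1}$ its inverse. Let $K_1 = (B_1, E_1, F_1, C_1, \rho_1)$ and $K_2 = (B_2, E_2, F_2, C_2, \rho_2)$ be
two processes of N w.r.t. initial markings $m_1$ and $m_2$ with disjoint sets of
transitions such that $\forall b_1 \in B_1, b_2 \in B_2$:

$b_1 = b_2 \iff (b_1 \in {}^+K_1 \cup {}^-K_1 \wedge b_2 \in {}^+K_2 \cup {}^-K_2 \wedge \rho_1(b_1) = \rho_2(b_2))$   (3)

and

$\emptyset = \rho_1({}^\diamond K_1) \cap \rho_2({}^\diamond K_2)$,   (4)

$\emptyset = \rho_1({}^\diamond K_1) \cap (\rho_2({}^+K_2) \cup c^{-1}(\rho_2({}^-K_2)))$,   (5)

$\emptyset = \rho_2({}^\diamond K_2) \cap (\rho_1({}^+K_1) \cup c^{-1}(\rho_1({}^-K_1)))$,   (6)

$\emptyset = \rho_1({}^+K_1) \cap c^{-1}(\rho_2({}^-K_2))$,   (7)

$\emptyset = \rho_2({}^+K_2) \cap c^{-1}(\rho_1({}^-K_1))$.   (8)

Then $K = (B_K, E_K, F_K, C_K, \rho_K)$, where $B_K = B_1 \cup B_2$, $E_K = E_1 \cup E_2$,
$F_K = F_1 \cup F_2$, $C_K = C_1 \cup C_2$, $\rho_K = \rho_1 \cup \rho_2$, is a process of N.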
Definition 16 (Concurrent composition of processes). With notions of
Proposition 3 the process $K$ is called the concurrent composition of the processes
$K_1$ and $K_2$. It is denoted by $K_1 \parallel K_2$.

Proof of Proposition 3. No element of $F_i$ ($i = 1,2$) contains glued places, i.e.
places in $B_1 \cap B_2$. Therefore, $(B,E,F,C)$ is an occurrence net.

Since $b_1 = b_2 \Rightarrow \rho_1(b_1) = \rho_2(b_2)$ for any $b_1 \in B_1$, $b_2 \in B_2$, $\rho$ is well defined.
Every slice $D$ of $K_1 \parallel K_2$ can be written in the form

$D = D_1 \cup D_2$

with slices $D_1$ of $K_1$ and $D_2$ of $K_2$. We show that $\rho|_D$ is injective. Suppose that
this is not true, i.e. that there exist $b_1 \in D_1$ and $b_2 \in D_2$ satisfying $b_1 \neq b_2$ and
$\rho(b_1) = \rho(b_2)$. It is enough to consider the following four situations:

a) p(b\) ^ P,bi G ^Ki,b2 G ^K2- by construction of complement places, there 
exists h'l G ^Ki and b'2 G ^K2 such that pi{b'i) = ^2(^2) ^ contradicting 
0 ), 

b) p{h\) G P,bi G G *1^2, contradicting ( 0 , 

c) p{bi) ^ P,bi G ^Ki,b 2 G ~ K 2 - from properties of complementation there 
exists h'l G such that pi{b'i) = c“^(p2(^2)), contradicting 

d) p{hi) G P,bi G *1^1, &2 G contradicting 0 . 

Take a marking m reachable from toq = p( *Ki) and let 

ti tn 

rriQ — > mi . . . m^-i — > m^ = m. 

Since we replaced negative context by positive context, for any marking m' with 
II Uo<i<n marking m\J m' is reachable from toq U to', firing the 

same sequence of transitions. Using the fact that 

pi{ *Ki) n p 2{*K2) = pi{Di) n p2{f>2), 

it is easy to see that p{D) is reachable from p{*{Ki || K 2 )) = pi{*Ki)Up 2 { *K 2 ). 

Since Fi contains no glued places {i = 1,2), p preserves pre- and post-sets 
of transitions. The preservation of the positive contexts of transitions follows 
directly from the construction of C . 

Thus, K = Ki II K 2 is a process of N w.r.t. the initial marking p{ *K). 

It remains to show that K is also a process of N w.r.t. the initial marking 
p{*K) n P, i.e. there is a process K = {B,E,F,C,p) of N w.r.t. the initial 
marking p{*K) (IP such that K = {B\Bf‘(^Q,E,E,C,p\^^gK^^^J■^)■ 

Without loss of generality, suppose that B (1 P = ^. Set 

K={BU {{c{p) I P ^ p( *X) n P} \ p{B)),E, P, C,p), 

where p = p on B U E and p = id on {c{p) \ p ^ p{ *K) fl P} \ p{B). Clearly K 
is a process of N with respect to the initial marking 



p{ *K) U ({c(p) I p ^ p( *pr) n P} \ p{B)). 




Because Ki and K2 have no isolated places which are copies of co-places, 
also Ki II K2 contains no isolated places which are mapped to co-places, i.e. 

B = B\Bfco- 

To prove that itT is a process of N w.r.t. the initial marking 

p{^K)r\P = {p{ • AT) n P) U {c{p) \ pip{’K)C\ P} 
it suffices to show that 

{p{'K)r\P)u{c{p) I p i p{’K)r^p} = p{'K)u{{c{p) I p i p{'K)r^p}\p{B)). 

To see that the first set is a subset of the second set, observe that all co-places 
removed from the set {c{p) \ p ^ p{*K) fl P} belong to the set p{*K): Because 
K has no isolated places which are mapped to co-places, for every place b G B 
with p(b) G P' and c~^{p{b)) ^ p( *K)C\P, either b G ~ K or b G ^K. In the first 
case, b G *K. In the second case, either b G *K or there exists e\ G E such that 
b G e* . By construction of the complementation, there exists b\ G *ei such that 
p{bi) = c~^{p{b)). By the assumption c~^{p{b)) ^ p{ *K)C\P there exists 62 G E 
such that 61 G e* . By induction, there exists G *K such that p{bn) = p{b). 

To prove that the second set is a subset of the first set, it is enough to show 
that 

pG p{ *K) c{p) i p{ *K). (9) 

Assume that this is not true. Ki and K2 are processes of N and therefore 
holds for Ki and 7^2 • Without loss of generality, let bi G and 62 G *K2 such 
that c{p{bi)) = p{b2)- We have either b\ G or b\ G '^Ki. Because K2 has 
no isolated placed which are mapped to co-places, there exists 62 G E2 such that 
either 62 G *62 or 62 G ’’’62. If &2 G *62, by definition of the complementation, 
there exists 63 G e* such that c(p2(^y) = P2{b2) which contradicts 0 = pi{"^Ki)r\ 
P2{^K2) if 61 G ^Ki, and contradicts 0 = p{~^Ki) fl P2{^K2) if b\ G ~^Ki. If 
^2 G ■'■62, then bi G contradicts 0 = pi( *Pri)nc“^(p2( ~ K2)), and b\ G Ki 
contradicts 0 = p\{^Ki) fl c~^{p2{ ~K2)). □ 

Given processes $K_1, K_2, K_3, K_4$ such that $K_1 \parallel K_2$, $K_3 \parallel K_4$ are defined
and $K_1 \simeq K_3$, $K_2 \simeq K_4$, we have $K_1 \parallel K_2 \simeq K_3 \parallel K_4$, i.e. we have that
isomorphism between processes is a congruence w.r.t. the partial operation of
concurrent composition defined in the previous proposition.

Proposition 4. Let $K_1 = (B_1, E_1, F_1, C_1, \rho_1)$ and $K_2 = (B_2, E_2, F_2, C_2, \rho_2)$ be
two processes of N with disjoint sets of transitions such that $\forall b_1 \in B_1, b_2 \in B_2$:

$b_1 = b_2 \iff (b_1 \in K_1^\bullet \wedge b_2 \in {}^\bullet K_2 \wedge \rho_1(b_1) = \rho_2(b_2))$ and   (10)

$\rho_1(K_1^\bullet) \cap P = \rho_2({}^\bullet K_2) \cap P$.   (11)

Then $K = (B, E, F, C, \rho)$, where $B = B_1 \cup B_2$, $E = E_1 \cup E_2$, $F = F_1 \cup F_2$,
$C = C_1 \cup C_2$, $\rho = \rho_1 \cup \rho_2$, is a process of N.



Proof. See ^21 • 
Definition 17 (Sequential composition of processes). With notions of
Proposition 4, $K$ is called the sequential composition of the processes $K_1$ and
$K_2$. It is denoted by $K_1 ; K_2$.

Isomorphism between processes is a congruence also w.r.t. the partial
operation of sequential composition defined in the previous proposition.
Furthermore, given two isomorphic processes $K_1 \simeq K_2$, we have:

$\rho_1({}^\bullet K_1) = \rho_2({}^\bullet K_2)$, $\rho_1(K_1^\bullet) = \rho_2(K_2^\bullet)$,

and

$\rho_1({}^\diamond K_1) = \rho_2({}^\diamond K_2)$, $\rho_1({}^+K_1) = \rho_2({}^+K_2)$, $\rho_1({}^-K_1) = \rho_2({}^-K_2)$.



8.3 Relationship between Process Terms and Processes 
of Elementary Nets with Context 

For the most general case of an elementary net with mixed context we prove 
a one-to-one correspondence between isomorphism classes of its processes and 
equivalence classes of process terms of the corresponding (AI,I)-net from Sec- 
tion 0 with respect to As a consequence, the partial order constructed in a 
canonical way from an equivalence class of process terms by considering the or- 
dering of transitions of all process terms in the equivalence class coincides with 
the partial order derived from the corresponding process net. 

In the sequel, let An together with inf he the (Al,I)-net corresponding to 
an elementary net with context N = {P,T, F,C+,C-), as defined in Section 
0 With the help of the above definitions and propositions we will inductively 
construct isomorphism classes Aa of processes of N associated to process terms 
a : a ^ b G V{An) with information Inf(a) according to the four construction 
rules of process terms. We will also show that processes Ka G Aa enjoy the 
following properties: 



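$\rho_\alpha({}^\bullet K_\alpha) \cap P = a$ and $\rho_\alpha(K_\alpha^\bullet) \cap P = b$,   (12)

$(\rho_\alpha({}^\diamond K_\alpha), \rho_\alpha({}^+K_\alpha), c^{-1}(\rho_\alpha({}^-K_\alpha))) = Inf(\alpha)$.   (13)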



Proposition 5. Let $m : m \to m$ be the reflexive process term of a marking $m$
of $N$ with associated information $Inf(m) = (\emptyset, m, \emptyset)$. According to Definition 14,
$K(m)$ is a process of N. Clearly the properties (12) and (13) hold for $K(m)$.

Definition 18 (Isomorphism class of processes associated to markings). 

With notions of Proposition^^ define Am = [K(rn)\^ to be the isomorphism class 
of processes associated with the elementary term m. 

Proposition 6. Let $t : pre(t) \to post(t)$ be the process term generated by a
transition $t$ with associated information $Inf(t) = ({}^\bullet t \cup t^\bullet, {}^+t, {}^-t)$. The process
$K(t)$ of N satisfies properties (12) and (13).
Definition 19 (Isomorphism class of processes associated to transi-
tions). With notions of Proposition\^ define At = [A'(t)]~ to be the isomorphism 
class associated with the elementary term t. 

Proof of Proposition 6 . According to Definitional K{t) is a process of N. Prop- 
erty (H 21 follows from *t U ~^t = preft) and t* U = post{t), where *t, 
t* and are taken w.r.t. N, and *K{t) = U U {c{p) \ p G ~t}, 
Kfty = t* U U {c{p) I p £ ~t}. Property (Tnil follows from: 

-t = c-y-K{t)). 

□ 

Proposition 7 . Let 01,0:2 be process terms of An, such that o = oi || 02 is a 
defined process term. Then there exist processes K\ = {B\, Ei,F\, Ci,p\) G 
and K2 = {B2, E2, F2,C2, P2) G such that the preconditions for concurrent 
composition of K\ and K2 are fulfilled. Moreover, the process 

Ka = Kl II K2 = {Ba,Ea,Fa,Ca,Pa), 

satisfies the properties and 

Definition 20 (Isomorphism class of processes associated to concur- 
rent composed process terms). With notions of Proposition^ define = 
[Ka]~ to be the isomorphism class associated with the term a. 

Proof of Proposition 7 . Take processes Ki G Aa^,K2 G Aq,^, such that the sets 
Bi \ ( U ~Ki), B2 \ ( ^K2 U ~K2), P are disjoint, and U ~Ki CPA 
Pi\ +KiU -Ki = i-d for 1 = 1,2 (what can be achieved by an appropriate renaming). 
Then the precondition m formulated in Proposition 0 is fulfilled. 

Denoting Infiai) = (wi,pi,ni) and Inf{a2) = {w2,P2,n2) we have by the 
definition of dom_j_: 

wi n W2 = n {p2 U 712) = rc2 n (pi U ni) = Pi n ri2 = P2 n ni = 0 . 

From property (HSJ of Kl and K2 we have for i = 1 , 2 : 

Wi = pyKi), p, = pi{+Ki), Hi = c~^{pi{~Ki)). 

Therefore the remaining preconditions for concurrent composition of Ki and K2 
formulated in Proposition 0 are fulfilled. 

We have that 

•{Kl II K2) = 'Kl U •K2, {Kl II K 2 Y = Kl U Kl , 
and, because joined places are neither in ^Ki nor in ^K2, 

YKi II K 2 ) = ^KiU^K2, 

+ {Ki II K2) = +Ki U +K2, 

-{Kl II K2) = -KiC -K2, 

which easily implies properties ( 1 1 21 ) and (inj. □ 
Proposition 8 . Let a\ and be two proeess terms sueh that a = ai;a2 is
a defined proeess term. Then there exist K\ = (Bi, i?i, Ci, pi) G and 
K2 = {B2, E2, F2,C2, P2) G ^c(2 such that Ka = K\]K2 is a defined proeess, 
which fulfills properties IW and ifnj). 



Definition 21 (Isomorphism class of processes associated to sequential 
composed process terms). With notions of Proposition]^ define Aa = \Ka\^ 
to be the isomorphism class associated with the term a. 

Proof of Proposition 8 . Take processes Ki G , K2 G such that the sets 
ill \ iG* , i?2\ P are disjoint, itr* C PApi|i<-» = id and * K2 P f\ P2\ • k-2 = 

id (what can be achieved by an appropriate renaming). Then the precondition 
m formulated in Proposition 0 is fulfilled. 

From property dEJ of processes Ki,K2 and from post{ai) = pre{a2) we 
have Pi (if* ) fl P = P2(*if2) H P and therefore precondition (II I |l formulated in 
Proposition 0 is fulfilled. 

The new process = K = {B, E, F, C, p) obviously satisfies property (TT^Il . 
We have *if = *ifi U *if2 and therefore 

p(<>if) =Pl(<>ifl)Up 2 (^if 2 ) 

Moreover, +if = ( +ifi U ~''if2) \ ^K. Since p is injective on +ifi U ^K2, we 
have 

p( +K) = (pi( +ifi) U p 2 ( +X2)) \ pCK). 

Let ^K' = {b€B \ p{h) ^ P A (3e G P : 6 G *e U e* )}. 

Then ~K = ( ~ Ki U ~ K2) \ ^K'. 

By injectivity of p on ~Ki U ~K2 we have p{~ K) = (pi(“ifi) U P2{~ K2)) \ 
p{^K'). By construction of complementation we have c“^(p(*if') C p[^K). 
Since p G p{ *K) ^ c{p) ^ p( *if), by induction we have 

p G p{D) ^ c(p) i p{D) (14) 

for each slice P of if. Since each slice of K contains ~ K = {~KiU ~K2) \ *if^ 
we have (p( *if) \ c“^(p(*if'))) n p( ~K) = 0 . Thus, we have 

c-i(p( -K)) = (c-i(pi( -ifi)) U c-i(pi( -ifi))) \ p(op). 

Since each slice of K contains ~^K U “if, by (IIH we have 

p(+if)nc-i(p(“if)) = 0 . 

Thus, process Ka enjoys property (m. □ 



Definition 22 . Given an elementary net with mixed context N , let r : V{An) 
— >■ (P(iV))/~ be the mapping defined by T(a) = Aa- 
Lemma 9. Let $K = (B_K, E_K, F_K, C_K, \rho_K)$ be a process of N and $e_1, e_2 \in E_K$
with $e_1 \not< e_2 \wedge e_2 \not< e_1$. Then $\rho_K(e_1) \parallel \rho_K(e_2)$ is a defined process term.

Proof. It suffices to show that: 

(a) { pk { *6i U et ) n P) n (pif ( *62 U e 5 ) n P) = 0 , 

(b) ((pk(+6i) nP) Uc“^(p(+6i) nP')) n (pk(*C 2 Ue*) nP) = 0 , and 

(c) {pk{~''6i) nP) n c“^(p/f(+62) nP') = 0. 

(a) follows from: ei ^ 62 A 62 ^ ei implies that the sets *ei U *62 U ~^K 
and e* U 6* U ~^K are subsets of slices of K. Since pK is injective on slices, 
Pk{*^i) n Pk{*^2) = Ptc(e* ) n pk{62) = 0 - Assume there is a place p G 
Pif(*ei) n p/f (e* ) or p G Pk{*&2) H pk( 6* ). Without loss of generality let 
p G Pk{*6\) n Pk{62)- There are places bi G *ei and &2 G e* such that 
PKibi) = pK{b2)- Then either 61 ^ 62 A &2 ^ b\ (which would be a contradiction 
to the injectivity of pK on slices) or 62 ^ b\ (which would be a contradiction to 
62 ^ 6i A 6i ^ 62 by the transitivity of or finally hi ^621 which would imply 
6i ^ 62 because places are unbranching, what is again a contradiction. 

To show (b), assume there is a place p G (p/f(+6i) fl P) U c“^(pk( +61) fl 
P'))n(p(*62U62 )nP). Then there are places 61 G ■'"ci and 62 G (*62U* 62)nP 
such that c(pif(&i)) = pK{b2) or Pic(6i) = Pat(& 2)- In the first case we observe: 

— Assume 62 G *62. By construction of the complementation N oi N there is 
a place b'2 G 6* such that PK{b\) = Pic (6^. We can distinguish 4 situations: 
bi ^b'2 A b'2 ^ bi leads to a contradiction similar as in case (a) . 

61 = b'2 implies 62 ^ ci. 

bi < b'2 implies the existence of a transition e' G E such that 61 G *e' A 61 < 
e' . Because places are unbranched, this implies e' < 62 and therefore ci < 62- 
b'2 < hi implies the existence of a transition e! such that 62 < e' and bi G 
(e')* . It follows e' < Ci and therefore 62 < Ci. 

— The proof for 62 G e* is similar. 

The second case obviously reduces to the situations considered in the first case. 

Finally we obtain (c) by assuming that there is a place p G {pK{~^ei) fl 
P) n c“^(pk( + 62) n P'). Then there are places 61 G ~^ei and 62 G +62 with 
c(pk(6i)) = pK{b2). Since p G pk{*K) c(p) ^ pk{*K), by induction we have 
p G Pk{D) => c{p) ^ Pk{D) for each slice D of K. This implies either bi < 62 
or 62 < bi which again gives a contradiction to ci ^ 62 A 62 ^ ci. □ 



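Remark 5. (a) Given process terms $\alpha_i$, $i = 1, \ldots, 4$ of $\mathcal{A}_N$ such that the terms
$\alpha = ((\alpha_1 \parallel \alpha_2); (\alpha_3 \parallel \alpha_4))$ and $\beta = ((\alpha_1; \alpha_3) \parallel (\alpha_2; \alpha_4))$ are defined. Then
$Inf(\alpha) = Inf(\beta)$.

(b) For any two process terms $\alpha_1$ and $\alpha_2$ such that $\alpha_1 \parallel \alpha_2$ is defined, we have
$\alpha_1 \parallel \alpha_2 \sim (\alpha_1; post(\alpha_1)) \parallel (pre(\alpha_2); \alpha_2) \sim (\alpha_1 \parallel pre(\alpha_2)); (\alpha_2 \parallel post(\alpha_1))$
and analogously $\alpha_1 \parallel \alpha_2 \sim (\alpha_2 \parallel pre(\alpha_1)); (\alpha_1 \parallel post(\alpha_2))$.

(c) If $(\alpha_1; \alpha_2) \parallel m$, $m$ being a marking, is defined, then we have
$(\alpha_1; \alpha_2) \parallel m \sim (\alpha_1 \parallel m); (\alpha_2 \parallel m)$.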

Theorem 5. The mapping r : V{An) is surjective. 

Proof. Let K = {B,E,F,C,p) be a process of N. We inductively construct a 
process term a with = K hy the method of maximal steps analogously to 
the proof of the similar theorem in jOl Theorem 1 ]: Beginning with the slice 
D = we take all transitions {ei,...,em} G E with *Ci C D such that 
there is no transition e € E with e < (1 ^ ^ m). Then the transitions 

p(ei), . . . , p{em) can be composed by || as process terms. The resulting process 
term then is sequentially composed with the next one, which we derive by the 
same procedure now starting with the follower slice of D after firing ei, . . . , Cm- 
This is repeated until the follower slice equals K* . □ 



Theorem 6. For two process terms $\alpha, \beta \in \mathcal{P}(\mathcal{A}_N)$, $\alpha \sim \beta$ implies $\tau(\alpha) = \tau(\beta)$.

Proof. It is sufficient to show the proposition for every (of the seven) construction 
rules of ~ (Definition El . 

( 1 ) The proof for the rule ( 1 ) is obvious. 

( 2 ) Given ai,a2,C(3 such that terms {a\ || 02) || ol^ and a\ || (02 || 03) are 
defined, take processes 

K\ G K 2 G ^02 I ^3 ^ 



such that sets 

Bi\(+iLiU -Ki), B2\{+K2U -K2), B3M+K3U -K3), P 
are disjoint and 

U ~Ki C P A pi\+KiU-Ki = id, iG { 1 , 2 , 3 } 

(what can be achieved by an appropriate renaming). Then processes 
{Ki II K2) II K^,Ki II {K2 II K3) are defined and equal. 

( 3 ) Given ai,a2,Q;3 such that terms (ai;a2);o!3 and ap, (02! 013) are defined, 
let G be a set satisfying |G| = |P| and G fl P = 0 , and let g : G — >■ P be a 
bijection. Take processes 

Ki G K2 G Aq, 2, E3 G Aa^, 



such that sets 



Bi\K’, B2\CK2UK’), B 3 \’Ks, G, P 
are disjoint and

K* C P A Pi\k’ = id, *K2 C P a P2I *if2 = id, 

K' \ {^K2 U ~K2) C G a P2\k^\(+k.^u-K2) = 9\k^\(+K2U-K2), 

*Ks C G A Pal •Ka = g\ 'Ka 

(what can be achieved by an appropriate renaming). 

Set Q = *Ks C\ g~^{~^K2 U ~K2). Now, take the process Pig S ^0,3 ob- 
tained from the process by renaming every place & G Q by the place 
g{b) G +AT2U “PT2- Then processes (itTi; ^2); ^ilg, ATi; (PI2; .ffa) are defined 
and equal. 

( 4 ) Given cti, 02, cts, ctg such that terms {a\ || 02); (ctg || a^) and (ai;ag) || 
(02; 04) are defined, take processes 

K\ G Aqj , K2 G 

■^(y.2 1 KsG K4 G Aa^, 

such that sets 

Pi \ Kl , P2 \ K' , Pg \ *i^g, P4 \ 'Ki, p 
are disjoint and 

K\ Q P /\ Pi\ki = id, K* ^ P /\ P2 \k’ = id, 

C P A psl-Ks = id, C P A p 4 \>Ki = id 

(what can be achieved by an appropriate renaming). 

Then processes (Pi || P2); (P3 || P4), (Pi; P3) || (P2; P4) are defined and 
equal. 

( 5 - 7 ) The proof for rules ( 5 - 7 ) is similar. 

□ 

Theorem 7. For two process terms $\alpha, \beta \in \mathcal{P}(\mathcal{A}_N)$, $\tau(\alpha) = \tau(\beta)$ implies $\alpha \sim \beta$.

Proof. Without loss of generality let a and (3 be process terms with P(a) = 
K{( 3 ) = K = (P, E, F, C, p) and 7 = 71; . . . ; 7^ be the process term constructed 
from the process P in the proof of Theorem |3 by considering maximal steps. 
Then 7^ is of the form 

li = p(el) II II p{Pn.) II p(P), 

ej, . . . , ejj. G E and P C P, z = 1, . . . , m. We show that a is equivalent to 7. By 
symmetry, the same holds for ( 3 , and we are done. 

According to Remark O we assume without loss of generality that a is of the 
form 



a = P(ei) II (p(«i) n P); . . . ; p{ek) || (p(ofe) n P) 
with transitions ei, . . . , G E and subsets oi, . . . , C B. We will use short-
hands a = ei; . . . ; and ignore the sets oi, . . . , a^, because they are determined 
by the definition of the sequential composition of process terms. Clearly, a and 
7 ’contain’ the same transitions, i.e. 

{ei,...,efc} = {e},...,e^^,...,e 7 ",...,e™^}. 

Assume = e\ for an i > 2 . It suffices to prove 

6i, . . . , 62 61, . . • , 62, €-i—\ ~ ~ 62, 61, . • • 5 62 — 1, 

because firstly the same procedure applied to 62, provides ei; . . . ; e„ ~ 
71; <5 (where 5 is the rest of the term a after removing transitions of 71), and 
secondly this procedure applied to 72, •■■,7m finishes the proof. In fact, it is 
enough to show that we can exchange and e^-i in a. A sufficient condition is 
that p{ei) II p{ei-i) is a defined process term. 

We have to distinguish two cases: If e^-i = e] for some j G { 2 ,...,m}, 
p{ei) II p{ei-i) is defined according to the process term 7. The other possibility 
is = e^- for an Z G { 2 , . . . , m} and j G {!,..., ki\. By construction of the 
process Ka from a follows ^ e^-i. On the other hand, by construction of 7 
follows Ci-i ^ 6i. By LemmaEl p{ei) || p{ei-i) is defined. □ 

Remark 6. The set of all processes of an elementary net with mixed context
w.r.t. an initial marking $m_0$ corresponds to the set of all equivalence classes of
process terms containing process terms of the form $\alpha = m_0; \beta$ (i.e. process terms
starting with $m_0$).

Finally, looking at the definition of r, we can state the main result for el- 
ementary nets with mixed context, which now follows easily from the previous 
theorems. 

Theorem 8. Given any elementary net N , there exists a one-to-one corre- 
spondence between the isomorphism classes of processes V{N) of N and the 
^-congruence classes of the process terms V{An) of the corresponding algebraic 
{Ai,T)-net defined in Section^ This correspondence preserves the initial mark- 
ing, final marking and the information about write places, positive context places 
and negative context places of processes and process terms, as well as concurrent 
composition and sequential composition of processes (resp. congruence classes of 
process terms). 

Remark 7 . Clearly, according to Remarks O and 0 the previous theorem holds 
also for elementary nets without context and elementary nets with negative 
context, although in these examples we considered a slightly different process 
term semantics. 

Using terminology from partial algebra 0 we can rephrase Theorem | 2 | as 
follows: Given an elementary net with context N and a process term a G 
V{An) of the corresponding net over partial algebra, the congruence class [a]^ G
{J’{An))/~ corresponds to the isomorphism class r(a) = [K]^ of a process 
K G 'P(N) such that the initial and final marking are preserved, i.e. p{ *K)nP = 
pre{a), p{K* ) fl P = post{a), and information for concurrent composition 
is preserved, i.e. (p{^K), p{'^ K),c~^{p{~ K))) = Inf{a). The factor algebra 
{'P{An))/^ is isomorphic to the factor algebra (P(iV))/~, (i.e. r is a surjec- 
tive closed homomorphism between V{An) and (P(fV))/~). 



9 Place/Transition Nets 



In this section we give algebraic definitions of place/transition Petri nets with 
inhibitor arcs and place/transition Petri nets with capacities. 

Here we provide semantics corresponding to collective token philosophy |Sj. 
In this case an equivalence class of process terms corresponds to an equivalence 
class of partial orders, according to collective token semantics of place/transition 
nets without capacity restriction (see Q and |HI)- In the case of individual token 
philosophy, where the single partial orders are of interest, one can use more 
sophisticated algebras, such as for example concatenated processes m- 

Let us briefly mention another possibility how to deal with individual token
semantics without using different algebra from those used for the collective token 
semantics. As it was discussed in Introduction, any process term defines naturally 
a partial order of events labeled by transitions. Thus, an equivalence class of 
process terms defines a set of partial orders. As we have illustrated in the example 
from Introduction, one can modify these partial orders comparing each other and 
removing causalities which are not defined by the net itself. The idea for further 
research is to generalize this modification procedure in order to obtain the set of 
partial orders containing only those causalities which are given by the net itself. 
Such set of partial orders would correspond to collective token semantics, while 
obtained single partial orders would correspond to individual process semantics. 

Clearly, one can also combine restrictions given by inhibitor arcs and capac- 
ities and extend them further, or combine them with other approaches such as 
positive context to get a more complicated enabling rule. In such cases one could 
use more complicated algebras, see e.g. IHEl. 



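Definition 23 (Place/transition nets). A place/transition Petri net (shortly
a p/t net) is a quadruple $N = (P, T, F, W)$, where $P$, $T$ and $F$ are defined as for
elementary nets, and $W : F \to \mathbb{N}^+$ is the weight function. Given a transition $t$,
define ${}^\bullet t, t^\bullet \in \mathbb{N}^P$ as follows:

$${}^\bullet t(p) = \begin{cases} W((p,t)) & \text{if } (p,t) \in F, \\ 0 & \text{otherwise,} \end{cases}
\qquad
t^\bullet(p) = \begin{cases} W((t,p)) & \text{if } (t,p) \in F, \\ 0 & \text{otherwise.} \end{cases}$$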
9.1 Place/Transition Nets with Inhibitor Arcs

Definition 24 (Place/transition nets with inhibitor arcs). A p/t net with
inhibitor arcs is a five-tuple $N = (P, T, F, W, C_-)$, where $(P, T, F, W)$ is a p/t
net, and $C_- \subseteq P \times T$ is an inhibitor relation (set of inhibitor arcs) satisfying
$(F \cup F^{-1}) \cap C_- = \emptyset$. As usual, ${}^-t = \{p \mid (p,t) \in C_-\}$ for each $t \in T$. A
marking of $N$ is a multi-set $m \in \mathbb{N}^P$. A transition $t$ is enabled to occur at $m$ iff
$\forall p \in P : m(p) \geq {}^\bullet t(p) \wedge ((p,t) \in C_- \Rightarrow m(p) = 0)$. Its occurrence leads to the
marking $m' = m - {}^\bullet t + t^\bullet$.

For p/t nets with inhibitor arcs the cardinality of the information set $I$ is
smaller than the cardinality of the marking set of the net:

$\mathcal{M} = (M, +) = (\mathbb{N}^P, +)$, where $+$ is multi-set addition. For concurrent
composition it is obviously enough to check that one process does not use negative
context places of the other process as write places. Therefore, the necessary
information for concurrent composition consists of the set of those places which
appear in a marking of the process term and the set of negative context places.
For a marking $m$ over the set $P$ of places we denote $m_s = \{p \mid m(p) \neq 0\}$. It
follows $\mathcal{I} = (I, \dot{+}, dom_{\dot{+}})$ with $I = 2^P \times 2^P$,
$dom_{\dot{+}} = \{((w,n),(w',n')) \mid w \cap n' = w' \cap n = \emptyset\}$ and
$\forall ((w,n),(w',n')) \in dom_{\dot{+}} : (w,n) \dot{+} (w',n') = (w \cup w', n \cup n')$.

The partial groupoid I satisfies the requirements given in Section |21 

For a transition $t$ and a marking $m$ define

$pre(t) = {}^\bullet t$, $post(t) = t^\bullet$,

$inf(m) = (m_s, \emptyset)$, $inf(t) = ((pre(t))_s \cup (post(t))_s, {}^-t)$.

The function ^/preserves property (a) from Definition^ One can also easily 
prove that the independence relation of X encodes the restriction of the occur- 
rence rule by restriction of concurrent occurrences of a transition and a marking. 

Lemma 10. Let supp : 2^ — >■ / &e defined by 

supp{A) = U U 

y(w,n)£A {w,n)£A 

Then relation = defined by x = y supp{x) = supp{y) is the greatest closed 
congruence on the partial algebra (2-^, dom^q.}, {-j-}, U). 

Proof. It is a straightforward observation that supp is a surjective closed homo- 
morphism from (2-^, {-j-}, U) to (I, domq, -j-, o), where \/{w,n),{w' ,n') G 

I : {w, n) o (w', n') = (w U w' , nVJn'). Hence = is a closed congruence. 

To prove that = is the greatest closed congruence it suffices to show that any 
congruence ~ satisfying =CRi is not closed. The proof is similar to the proof of 
Lemma El Assume there are A, A' G 2^ such that A A' but A A'. Then 
supp{A) / supp(A'). 

We construct a set C G 2^ such that {A,C) G domf^j. but (A',C) ^ domf^j. 
or vice versa (which implies that ~ is not closed) . If supp(A) = (w, n) and 
supp(A') = (w',n') then n / ri' V w / w ' (since supp{A) / supp{A')). 



Fig. 13. An example of a p/t net with inhibitor arcs. A possible process term is (a 
b II pi); (c II (pi +P4 +P5);d II (2pi +P5). 



Let w ^ W Without loss of generality we can assume w ' \ W 0. Set 
C = {{Cw, Cn)} with Cuj — 9 and c„ = w' \ w. Therefore c^, fl n = c„ fl uJ = 0, 
but c„ n w ' yf 0, i.e. (A, C) G dom^^, but (A', C) ^ doTO{_j_}. 

Now let n 7 ^ n Without loss of generality we have n' \ n ^ 0. Set C = 
{(cu;, c„)} with Cw = (ji' \n) and Cn = Then Cu, 0, fl n = tUn c„ = 0 and 

n n ' yf 0, and we are finished. □ 

Because also property (b) from Definition Q is preserved, we can formulate 
the following theorem. 

Theorem 9. Given a p/t net with inhibitor arcs N = {P,T, F,W,C-) with 
Ai,I,pre,post,inf as defined in this subsection, the quadruple An = (2'^,T,pre, 
post) together with the mapping inf is an algebraic {M,I)-net. Moreover, it is a 
corresponding algebraic {M.,I)-net to the net N. 

Figure 13 shows an example of a p/t net with inhibitor arcs.



9.2 Nets with Capacities 

There are two different interpretations of consuming and producing tokens for 
Petri nets with capacities (for more details see e.g. According to the 

order of consuming and producing tokens one can distinguish the following sit- 
uations: 

— A transition t first consumes the tokens given by pre(t) yielding an inter- 
mediate marking 0 (empty multiset) and then produces tokens post(t). This 
interpretation corresponds to classical rewriting and such capacities are said 
to be weak |^. 

— A transition t first produces tokens (given by post{t)), yielding an interme- 
diate marking pre{t) + post{t) and then consumes tokens (given by pre{t)) 
yielding the marking post{t). Such capacities are said to be strong 0. 
Definition 25 (Place/transition nets with capacities). A place/transition
net with capacities is a p/t net together with a partial function $K : P \to \mathbb{N}^+$ with
a domain $P_K \subseteq P$.

A marking of a net with capacities is a multi-set $m \in \mathbb{N}^P$ such that
$\forall p \in P_K : m(p) \leq K(p)$.

A transition $t$ is said to be weakly enabled at a marking $m$ iff
$\forall p \in P : m(p) \geq {}^\bullet t(p)$ and $\forall p \in P_K : K(p) \geq m(p) - {}^\bullet t(p) + t^\bullet(p)$.

A transition $t$ is said to be strongly enabled at a marking $m$ iff
$\forall p \in P : m(p) \geq {}^\bullet t(p)$ and $\forall p \in P_K : K(p) \geq m(p) + t^\bullet(p)$.

The occurrence of an enabled transition $t$ at a marking $m$ leads to the marking
$m' = m - {}^\bullet t + t^\bullet$.

The concurrent occurrence of transitions, and more general concurrent
composition of processes, have to respect capacities. In the case of strong capacities
the information about the intermediate marking pre(t) + post(t) is attached to
transition t.

Thus, as the set of markings we set $\mathcal{M} = (\{a \in \mathbb{N}^P \mid \forall p \in P_K : a(p) \leq K(p)\}, +)$,
where the operation + on markings is defined by $(a + b)(p) = \min(a(p) + b(p), K(p))$
for all $p \in P_K$ and $(a + b)(p) = a(p) + b(p)$ for all $p \in P \setminus P_K$, with
ordinary addition of natural numbers on the right-hand sides.
The partial groupoid of information $\mathcal{I} = (I, \dotplus, dom_{\dotplus})$ is defined by

$I = \{w \in \mathbb{N}^{P_K} \mid \forall p \in P_K : w(p) \leq K(p)\}$,
$dom_{\dotplus} = \{(w, w') \in I \times I \mid \forall p \in P_K : w(p) + w'(p) \leq K(p)\}$,
$\dotplus = +|_{dom_{\dotplus}}$.



This partial groupoid satisfies the requirements from Section Q 

Define $pre(t) = {}^{\bullet}t$, $post(t) = t^{\bullet}$ for every transition t. Moreover, for weak
capacities define a mapping $inf_w : M \cup T \to I$ by:

— For a marking m, $inf_w(m) = m|_{P_K}$.

— For a transition t and a place $p \in P_K$, $inf_w(t)(p) = \max(pre(t)(p), post(t)(p))$.

For strong capacities define a mapping $inf_s : M \cup T \to I$ by:

— For a marking m, $inf_s(m) = m|_{P_K}$.

— For a transition t and a place $p \in P_K$, $inf_s(t)(p) = pre(t)(p) + post(t)(p)$.

Again, property (a) from Definition Q is satisfied. The considered independence 
relation encodes the restriction of the occurrence rule. 
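
The enabling conditions of Definition 25 and the mappings inf_w and inf_s above can be checked mechanically. The following Python code is an added example, not taken from the original paper; the three-transition net, all function names, the occurrence rule m' = m - pre(t) + post(t), and the reading that t may occur at m exactly when inf(t) composes with the information of the residual marking m - pre(t) are assumptions of the example.

```python
from itertools import product

# Constructed net (not the net of Fig. 14): places p and q, capacity only on p.
PLACES = ("p", "q")
K = {"p": 2}                          # partial function K with domain P_K = {"p"}
TRANSITIONS = {                       # name: (pre, post) as multisets over PLACES
    "loop": ({"p": 1}, {"p": 1}),     # self-loop on the bounded place
    "move": ({"q": 1}, {"p": 1}),     # no self-loop
    "grow": ({"p": 1}, {"p": 2}),     # self-loop with pre + post > K(p)
}

def val(ms, p):
    return ms.get(p, 0)

def is_marking(m):
    # A marking must respect the capacity of every bounded place.
    return all(val(m, p) <= k for p, k in K.items())

def weakly_enabled(m, t):
    pre, post = TRANSITIONS[t]
    return (all(val(m, p) >= val(pre, p) for p in PLACES)
            and all(K[p] >= val(m, p) - val(pre, p) + val(post, p) for p in K))

def strongly_enabled(m, t):
    pre, post = TRANSITIONS[t]
    return (all(val(m, p) >= val(pre, p) for p in PLACES)
            and all(K[p] >= val(m, p) + val(post, p) for p in K))

def fire(m, t):
    # Assumed standard occurrence rule: m' = m - pre(t) + post(t).
    pre, post = TRANSITIONS[t]
    return {p: val(m, p) - val(pre, p) + val(post, p) for p in PLACES}

def inf_w(t):
    pre, post = TRANSITIONS[t]
    return {p: max(val(pre, p), val(post, p)) for p in K}

def inf_s(t):
    pre, post = TRANSITIONS[t]
    return {p: val(pre, p) + val(post, p) for p in K}

def inf_marking(m):
    return {p: val(m, p) for p in K}  # restriction of m to P_K

def in_dom(w1, w2):
    # Membership of (w1, w2) in the domain of the partial addition on I.
    return all(w1[p] + w2[p] <= K[p] for p in K)

def enabled_via_information(m, t, inf_t):
    # Assumed reading: split m into pre(t) plus a residual marking and ask
    # whether the information of t and of the residual may be composed.
    pre, _ = TRANSITIONS[t]
    if any(val(m, p) < val(pre, p) for p in PLACES):
        return False
    residual = {p: val(m, p) - val(pre, p) for p in PLACES}
    return in_dom(inf_t(t), inf_marking(residual))

def has_self_loop(t):
    pre, post = TRANSITIONS[t]
    return any(val(pre, p) > 0 and val(post, p) > 0 for p in PLACES)

def all_markings(bound=3):
    # Every marking with at most `bound` tokens per place that respects K.
    for counts in product(range(bound + 1), repeat=len(PLACES)):
        m = dict(zip(PLACES, counts))
        if is_marking(m):
            yield m

def compare():
    # Per transition: the markings at which weak and strong enabling disagree.
    return {t: [m for m in all_markings()
                if weakly_enabled(m, t) != strongly_enabled(m, t)]
            for t in TRANSITIONS}

if __name__ == "__main__":
    for t, differing in compare().items():
        print(t, "self-loop" if has_self_loop(t) else "no self-loop", differing)
```

For the self-loop-free transition the two notions never disagree, while "grow" is never strongly enabled because pre + post exceeds the capacity, the case the text sets aside as irrelevant.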

In the sequel, we define a mapping $supp : 2^I \to I$ and prove that supp is
the natural homomorphism of the greatest closed congruence $\cong$ of the partial
algebra $(2^I, dom_{\{\dotplus\}}, \{\dotplus\}, \cup)$.

In the case of strong capacities we implicitly suppose for each transition t and each
place $p \in P_K$ that $pre(t)(p) + post(t)(p) \leq K(p)$. Otherwise transition t is never
enabled to occur and therefore according to the Definition El it is irrelevant for the
corresponding net

Fig. 14. An example of a p/t net with capacity



Lemma 11. Given I as above, let $supp : 2^I \to I$ be defined for all $p \in P_K$ by

$supp(A)(p) = \max_{a \in A} a(p)$.

Then the relation $\cong$ defined by $A \cong A' \iff supp(A) = supp(A')$ is the greatest
closed congruence on the partial algebra $(2^I, dom_{\{\dotplus\}}, \{\dotplus\}, \cup)$.

Proof. By the properties of maximum and the definition of the mapping supp,
supp is a surjective closed homomorphism from $(2^I, dom_{\{\dotplus\}}, \{\dotplus\}, \cup)$ to $(I, dom_{\dotplus}, \dotplus, \circ)$,
where $\forall a, a' \in I : a \circ a' = supp(\{a, a'\})$, and therefore $\cong$ is a closed
congruence. To prove that $\cong$ is the greatest closed congruence we show that any
congruence $\approx$ satisfying $\cong \subset \approx$ is not closed. We construct a set $C \in 2^I$ such
that $(A, C) \in dom_{\{\dotplus\}}$ but $(A', C) \notin dom_{\{\dotplus\}}$ or vice versa. Assume there are
$A, A' \in 2^I$ such that $A \approx A'$ but $A \not\cong A'$. Then there is a place $p \in P$ such that
$\max_{a \in A} a(p) \neq \max_{a' \in A'} a'(p)$. Without loss of generality let
$\max_{a' \in A'} a'(p) > \max_{a \in A} a(p)$. It suffices to take, for example, $C = \{a\}$ for the multi-set
$a(p) = K(p) - \max_{a \in A} a(p)$ and $a(p') = 0$ for all $p' \in P_K$ such that $p' \neq p$. □

The property (b) from Definition Q is satisfied both for $inf_w$ and $inf_s$. Thus,
we have the following theorem for place/transition nets with capacities.

Theorem 10. Given a p/t net with capacity $N = (P, T, F, W, K)$ with
$\mathcal{M}, \mathcal{I}, pre, post, inf_w, inf_s$ as defined in this subsection, the quadruple $A_N = (M, T, pre, post)$
together with $inf_w$ for weak capacities and $inf_s$ for strong capacities is a
corresponding $(\mathcal{M}, \mathcal{I})$-net to the net N.

Notice that in the case that there are no self-loops in the net, as it is in
Figure E] weak and strong capacities coincide. Nets with capacities represent
a class of $(\mathcal{M}, \mathcal{I})$-nets where information can violate the distributive law (see
Definition □ (4)). For example, we have the following process terms of the net
from Figure El: $\alpha = (b \parallel p_1); (p_s \parallel a)$ with $Inf(\alpha) = p_2$ and $\beta = (b; p_s) \parallel (p_1; a)$
with $Inf(\beta) = 2p_2$. The information of the term $\alpha$ corresponds to the fact that
during the execution of $\alpha$ there is at most one token in place $p_2$, while the
information of $\beta$ expresses the fact that during the execution of $\beta$ place $p_2$ can
obtain two tokens. Because terms $\alpha$ and $\beta$ have different information, they are
not equivalent. As a consequence of the difference of information, $\alpha$ can run
concurrently with c, but $\beta$ cannot. If the place $p_2$ had no capacity restriction,
then $\alpha$ and $\beta$ would be equivalent according to the distributive law and $\alpha$ and
$\beta$ would represent the same run.

10 Conclusion 

There are several approaches to unifying Petri nets (see e.g. EUgEEl). They
make it possible to unify different classes of Petri nets which use different
underlying algebras and different treatments of the data-type part, defining them
as formal parameters which can be actualized by choosing an appropriate structure.
However, in these approaches the enabling condition of the occurrence rule is not
a parameter, but is fixed. Both definitions in mm capture elementary nets but they
leave open more complicated restrictions of the enabling condition in the
occurrence rule, such as inhibitor arcs or even capacities.

In our paper we have focused on unified description of Petri nets with mod- 
ified occurrence rule. Namely, we have described a unifying approach to non- 
sequential semantics of Petri nets with modified occurrence rule. We have demon- 
strated that methods of partial algebra, such as greatest closed congruence, 
represent a suitable mathematical tool for such an approach. By restricted do- 
mains of operations we were able to generate precisely just those runs of the net 
which are allowed. In comparison with methods based on partial order where 
concurrency is defined implicitly if there is no causal connection between runs, 
we define explicitly when runs can be composed concurrently. Thus, in our ap- 
proach causality is defined using two partial operations to generate runs, namely 
concurrent and sequential composition. 

On the other hand, we did not discuss unifying of data type part. So, we did 
not discuss high-level Petri nets in this paper. There are also other restrictions 
of the occurrence rules in various high-level nets (e.g. transition guards, time 
intervals, roles etc.) which are of different characters and were not discussed in 
the paper. It would be interesting to discuss those kinds of restrictions in order 
to see the implication of the unifying approach for high-level nets. Namely, it 
would be interesting to combine the approach presented in 1221 and the approach 
presented in this paper. 

The presented approach opens many interesting questions. We can further 
distinguish between synchronous and concurrent occurrences of transitions. In 
such an extension of our approach one first needs to generate steps from tran- 
sitions using a partial operation of synchronous composition and then to use 
these steps to generate process terms using partial operations of concurrent and
sequential composition. In terms of causal relationships, such an extension cor- 
responds to the approach described in jl ,'111 7\ . where two kinds of causalities 
are defined, first saying (as usual) which transitions cannot occur earlier than 
others, while the second indicating which transitions cannot occur later than 
others. In |I,‘-!II7| the principle is illustrated for a variant of nets with inhibitor 
arcs, where testing for zero precedes the execution of a transition. Thus, if a 
transition t tests a place for zero, which is in a post-set of another transition 
t', this means that t cannot occur later than t' and therefore they cannot occur
concurrently - but still can occur synchronously. There are also other net exten- 
sions employing steps of transitions (distinguishing between synchronous and 
concurrent composition), such as nets with asymmetric synchronization [12^. We 
are currently working on the extension of our approach using a partial operation 
for synchronous composition to cover such cases. 

Another area of further research is to investigate whether the presented 
framework would lead to a unifying and mathematically elegant way of producing
the causal semantics for nets with restricted occurrence rule. Namely, as
was discussed in the Introduction, any process term naturally defines a partial
order of events labeled by transitions. Thus, an equivalence class of process terms
defines a set of partial orders. As we have illustrated in the example from the
Introduction, one can modify these partial orders by comparing them with each
other and removing
causalities which are not defined by the net itself. The idea for further research
is to generalize this modification procedure in order to obtain the set of partial 
orders containing only those causalities which are given by the net itself. 

Abstract. The concept of parameterized net classes is introduced in order
to allow a uniform approach to different kinds of Petri net classes.
By different actualizations of the net structure parameter and the data
type formalism parameter we obtain several well-known net classes, like
elementary nets, place-transition nets, colored nets, predicate transition
nets, and algebraic high-level nets, as well as several interesting new
classes of low- and high-level nets. First the concept of parameterized net
classes is defined on a purely set theoretical level; subsequently we give
the concepts taking into account also morphisms and universal properties
in the sense of category theory. We explain the underlying notions
in an intuitive way. Moreover we give extracts from two of our case studies,
where the application of these notions is illustrated in specific net
classes, i.e. in instantiations of the parameterized net class.

The formal foundation of parameterized net classes is the uniform theory
of abstract Petri nets. Low-level abstract Petri nets are a special case
of high-level abstract Petri nets, but for better understanding they are
presented separately. The theory of abstract Petri nets yields sufficient
concepts and results for a specification technique of parameterized net
classes. Operational behavior of nets is thus presented in a uniform way.
Different notions of horizontal structuring, rule-based refinement and their
compatibility become available. The horizontal structuring techniques
comprise union and fusion of nets. Last but not least we present some
examples from our case studies using the notions and results introduced
in this paper.

Keywords: Petri Nets, high-level nets, actual and formal parameter, 
uniform approach, union, fusion, rule-based refinement 



1 Introduction 

Petri nets have been used successfully for more than three decades to model 
concurrent processes and distributed systems. Various kinds of Petri net classes 
with numerous features and analysis methods have been proposed in literature 

* This work is part of the joint research project “DFG-Forschergruppe Petri Net
Technology” between H. Weber (Coordinator), H. Ehrig (both from the Technical
University Berlin), and W. Reisig (Humboldt University Berlin), supported by the
Deutsche Forschungsgemeinschaft (DFG).
(see e.g. the following surveys |Pf{.9 lirrnMllH.R98BllK,b{.98allW Ebi,99 | ) for different
purposes and application areas. The fact that Petri nets are widely used and
are still considered to be an important topic in research, shows the usefulness 
and the power of this formalism. Nevertheless, the situation in the field of Petri 
nets is far from satisfactory, partly due to the enormous interest in Petri nets, 
that has been leading to a vast accumulation of dissimilar approaches. The dif- 
ferent notions, definitions and techniques, both in literature and practice, make 
it hard to find a common understanding and to provide good reasons for the 
practical use of the nets. Moreover, the unstructured variety of Petri net ap- 
proaches causes the new formulation and examination of similar concepts. The 
relation of these concepts requires complicated, but boring conversions. Most of 
the different concepts for Petri nets are defined explicitly for a single net class, 
although many of these notions are essentially the same for different kinds of 
net classes. Since the mid-nineties abstract notions of Petri net have become 
an increasingly important issue in order to permit an abstract formulation of 
such notions for a large variety of different net classes. This volume itself is 
the first comprehensive collection of such approaches. This uniform approach to 
Petri net classes captures the common components of different kinds of Petri 
nets like places, transitions, net structure, and - in case of high-level nets - a 
data type part. Moreover, this approach treats low- and high-level nets in the 
same way, considering a trivial data type for low-level nets. General notions, like 
firing behavior being essential for all kinds of Petri nets are formulated in the 
frame of abstract Petri nets independently of their specific definition within a 
fixed net class. We do not consider this uniform approach as a net formalism for 
application purposes. Nevertheless, such an approach allows the easy transfer of 
results between different Petri net formalisms and thus has an impact on Petri 
nets used in practice. Hence, this concept comprises many known and several 
new net classes as special cases and allows their mutual comparison. Results 
achieved within this frame can be generalized to several different net classes. 
This means notions and results are achieved without further effort in each of 
these net classes, provided the general assumptions have been verified for the 
specific instance. 

This paper is organized as follows. The first part is Part I: Introduction to 
Parameterized Net Classes. In Section El we present a purely set theoretic de- 
scription of this uniform approach first introduced in [EEnZl. This includes the 
definition of the net structure parameter and the data type formalisms parame- 
ter. Then in Section 0 we extend these parameters into a categorical frame that 
allows the precise definition of the formal and actual parameters. We explain 
the used categorical concepts in a way that is easy to understand. Moreover we 
list our results and give an intuitive explanation. These notions and results are 
then illustrated in Section0with a few examples from our case studies (first pre- 
sented in |Erm9fillPGH99^ 1. We show how the notions given for parameterized 
net classes are applied in concrete net classes, that are obtained by actualiza- 
tion of the formal net structure and data type formalism parameter. The second 
part presents Part II: Theory of Parameterized Net Classes Based on Abstract
Petri Nets. In Section 0 we give first the formal basis for parameterized net
classes in terms of low-level abstract Petri nets, first introduced in lEM-In 
this section we introduce the formal parameter for the net structure only. The 
formal parameter for the data type part is investigated subsequently in Section 
El High-level abstract Petri nets are presented in Section 0 together with the 
corresponding categorical results. We investigate horizontal and vertical struc- 
turing techniques and their compatibility results in Section 0 The conclusion 
summarizes the achieved results. 

In Part I of the paper we do not assume any previous knowledge of category
theory. On the contrary, we carefully explain the use of the categorical notions
in the area of Petri nets and present the main results on a conceptual level. In
Part II we present the mathematically precise version of the results. These, the
review of high-level replacement systems in Appendix El and the proofs of the
main results in Appendix O assume some basic knowledge in category theory.



Related Work 

In pVTMflflj a basis for various approaches to a uniform description of Petri 
nets has been provided. There the marking graph of a place/transition net 
(understood as directed graph over a commutative monoid) is constructed by 
symmetric and additive closure of the category of place/transition nets. In 
| IEPP,fl4hl[Pad9fil[FTP^ the above idea has been developed further using adjoint 
functors between category of sets and a (sub) category of commutative semi- 
groups. Moreover, a suitable treatment based on institutions is given for the 
data type part of high-level nets. This paper gives a comprehensive survey over 
this approach. 

The transfer of this parameterization concept to nets closely related to Fun-
SOFT innnimiisaniinHi, a net class well-known in industrial practice, has been
suggested in An extension to partial algebras has been
extensively investigated in |,luh98bUluh99| . This approach allows the treatment
of relaxed enabling rules. In |DM98| positive cones of Abelian groups are used to
relate Petri nets in a uniform way to automata. In non-algebraic
parameterizations of Petri nets have been achieved by a characterization of au-
tomata determined by different Petri net types. The use of rewriting logic for
the unification of Petri nets has been investigated in IMes92l . Another line of
research follows the idea to present abstract description of Petri nets and their 
semantics, for example [(IK8.‘-i|IWiu87^ fM IVI90|ISa.sTI^ . The classification of Petri 
nets and their extensions as investigated in jm)(;9'ii in7^ iKW98) is an impor- 
tant basis for the identification of further parameters. In |K W98] an approach 
has been introduced that focuses on describing orthogonal dimensions of Petri 
net notions. These dimensions can be considered as parameters as well. 

Since the sole topic of this book concerns unifying Petri nets, related work 
concerning parameterization of Petri nets is also presented in this volume. A 
first step towards this work has been presented in jEPR94bj (a revised version 
is [PEP.Olp . The extension to partial algebras is presented in | in,TLni| . fiWiI 
is based on parameters as well but that contribution concentrates on low-level 
nets and transition systems. In [BljDOl] a parameterization is based on different
automata and their representations as Petri nets. 



Part I: 

Introduction to Parameterized Net Classes 

In Part I we give a set theoretical and also a categorical introduction to parame- 
terized net classes, summarize the main results at a conceptual level, and discuss 
two relevant applications of parameterized net classes. 

2 Set-Theoretical Approach 
to Parameterized Net Classes 

The basic idea of this uniform approach to Petri nets is to identify two parame- 
ters, that describe each of the net classes entirely. In case of the usual Petri nets 
this is the net structure and in case of high-level nets it is the net structure and 
the data type formalism. We call these parameters net structure parameter and 
data type (formalism) parameter. For convenience we often use the expression 
data type parameter instead of data type formalism parameter. Nevertheless we 
convey the formalism, not a specific data type. The instantiation of these param- 
eters leads to different types of Petri nets, or more precisely Petri net classes. In 
this section we introduce parameters for net classes, parameterized net classes 
and their instances leading to several well-known and some interesting new net 
classes. In more detail this work is presented in IPERfflj . 



2.1 Relevance of Parameters for Net Classes 

The net structure parameter describes different low-level net classes. Several 
different net classes have been proposed over the last 40 years. Moreover, the 
developments in software industry have yielded quite a large amount of variants 
that are equipped with additional features and/or restrictions. We propose an 
abstraction of net structure that can be instantiated to several net classes, in- 
cluding place/transition nets, elementary nets, variants of these and S-graphs. 
We have shown in [Pa,rlt)6j that the underlying construction is general enough 
to comprise several different kinds of low-level nets and their net structure. The 
data type parameter is necessary, because several data type formalisms have 
been integrated with Petri nets leading to different notions of high-level nets. 
Typical examples are: predicate logic with elementary nets leading to predi- 
cate/transition nets |CI,R1j . algebraic specifications with place/transition nets 
leading to different versions of algebraic high-level nets jVa,ii8fil[Rei91| . ML with 
place/transition nets leading to colored nets [,Ten92j . OBJ2 with superposed au- 
tomata nets leading to OBJSA-nets |BCM88j . and algebraic specifications with 
the Petri Box Calculus pD.H.9.2j leading to A-nets jKP95j . In practice, there 
are also other data type formalisms like entity/relationship diagrams, SADT
and many other semi-formal techniques that are combined with Petri nets in an 
informal way. 

2.2 Algebraic Presentation of Place/Transition Nets 

We use the algebraic presentation of Petri nets, that uses functions to relate
a transition with its pre- and post-domain. This approach relates a transition
on the one hand with all those places in its pre-domain using the function pre
and on the other hand with its post-domain using the function post. In this
algebraic presentation a place/transition net N is simply given by a 4-tuple
$N = (P, T, pre, post)$ where P and T are the sets for places and transitions
respectively and pre and post are functions $pre, post : T \to P^{\oplus}$ from T to the
free commutative monoid $P^{\oplus}$ over P. This construction is similar to the
construction of words over some given alphabet. Due to the axiom of commutativity
the elements of the free commutative monoid are considered to be linear sums
over P, that is for each $t \in T$ we have $pre(t) = \sum_{p \in P} n_p \cdot p$ for $n_p \in \mathbb{N}$. Note,
that this is just the same as multisets. The marking is given by some element
$m \in P^{\oplus}$ and the operations for the computation of the firing behavior are
comparison, subtraction and addition based on linear sums, defined over the monoid
operation. This algebraic presentation [IM MhO) is equivalent to the classical
presentation (see e.g. jHeiiS5ffRH,hti] ) but has the advantage of a clear and axiomatic
presentation, thus it is much simpler to generalize.

2.3 Algebraic Presentation of Elementary Nets 

In the case of elementary nets^ the algebraic presentation is given by the power
set construction $\mathcal{P}(P)$, that is $pre, post : T \to \mathcal{P}(P)$, because ${}^{\bullet}t = pre(t)$
and $t^{\bullet} = post(t)$ are given by subsets of P. Moreover, each element $m \in \mathcal{P}(P)$
can be considered as a marking of the elementary net. The firing behavior makes
use of the order on sets and the operations union and complement of sets.

2.4 Variants of Net Classes 

Note that there are several variants of place/transition nets, and similarly for
other types of nets, where nets are considered with initial marking or with labels
on places, transitions, and/or arcs. However, in this paper we only consider a
basic variant without initial markings and without labels. The neglect of the
initial marking is due to our focus on structural composition techniques. The
composition of nets without initial marking yields techniques such as union and fusion.
These techniques are independent of the behavior of the net. The composition
of nets with initial marking yields techniques such as substitution and invocation,
where the composition is dependent on the behavior of the net. In the case

^ We talk about elementary nets as elementary (net) systems without an initial mark- 
ing. 
of high-level nets our basic variant means in addition that a net includes one
explicit model with total operations (resp. predicates) and that there are no
firing conditions for the transitions (unguarded case). In several kinds of
variants of algebraic high-level nets are discussed that can be considered as well.



2.5 Mathematical Notation of Parameters for Net Classes 

In the following we distinguish between formal and actual parameters for the
net structure and data type formalisms. The actual net structure parameter for
a net class is based on the algebraic presentation of nets, more precisely the
codomain of the pre- and post-domain functions. The algebraic presentation of
different kinds of Petri nets as the actual parameter allows the generalization in
an axiomatic way, that is the formal parameter. Hence, it is the basic
construction for expressing the difference between an actual and a formal parameter
in a uniform approach to Petri nets.

For place/transition nets (in Subsection 2.2) the codomain uses the
construction of the free commutative monoid $P^{\oplus}$ over the set of places P. For elementary
nets (in Subsection 2.3) the power set construction is used. The calculation with
markings is based on the operations union of $\mathcal{P}(P)$ and addition of $P^{\oplus}$
respectively. In order to generalize this computation a semigroup structure is employed
in both classes. Hence, the constructions $\mathcal{P}(P)$ and $P^{\oplus}$ for each set P can be
considered as functions from the class Sets of all sets via some class Struct of
semigroups to the class Sets. These constructions are used as the actual
parameter Net for the parameterized net classes. We consider $\mathcal{P}(P)$ and $P^{\oplus}$ as sets.
The use of sets instead of semigroups allows the mapping from the transitions to
these sets. Moreover, this has the advantage of covering nets where the
structure of the marking is different from the structure of the pre- and post-domain
of the transitions, as for example in S-graphs, where markings contain multiple
tokens, but the arc weight always equals one (see Example ^EJ.

This motivates that in general an actual net structure parameter for a net
class can be considered as the composition of two functions:
$Net : Sets \xrightarrow{F} Struct \xrightarrow{G} Sets$.



Based on the function Net we can describe Petri nets uniformly by
$pre, post : T \to Net(P)$, where the specific net class depends on the choice of the
function Net. Then $F(P)$ denotes the markings and the pre- and post-domain of the
transitions, $F(T)$ yields transition vectors, and G relates the used construction
(i.e. free monoids, power sets) with sets.

For high-level net classes we use the notion of institutions (see |(IH84IS T84]),
which is well-established in the area of abstract data types. Institutions are
an abstract description of data type formalisms and generalize different
formalisms, such as algebraic specifications, predicate logic, functional programming
languages, and so on. The basic idea is to assume axiomatically some
specification SPEC and a class of models Mod(SPEC). Based on this theory an
actual data type parameter for a net class consists of a class $\mathbf{SPEC}$ of data type
specifications and for each $SPEC \in \mathbf{SPEC}$ a class $Mod(SPEC)$ of models
satisfying the specification SPEC. Hence, it can be represented by a function
$Mod : \mathbf{SPEC} \to ModelClasses$, where ModelClasses is the (super)class
of all model classes.

Concept: Formal Parameters of Net Classes. The formal net structure
parameter, respectively formal data type formalism parameter, of a parameterized
net class is given by a pair of functions $Net : Sets \xrightarrow{F} Struct \xrightarrow{G} Sets$
and a function $Mod : \mathbf{SPEC} \to ModelClasses$ respectively, as motivated
above.

Example 1. Actual Parameters of Net Classes 

1. The free commutative monoid $P^{\oplus}$ over a set P defines the two functions
$(\_)^{\oplus} : Sets \to Struct \to Sets$, where $P^{\oplus}$ together with the
addition operation on linear sums is a semigroup (without this operation $P^{\oplus}$
is a set, thus the function G simply “forgets” the addition), which is the
actual net structure parameter for the class of place/transition nets. The
free commutative monoid $P^{\oplus}$ can be represented by formal sums
$P^{\oplus} = \{\sum_{p \in P} n_p \cdot p \mid n_p \in \mathbb{N}\}$ with component-wise addition.

2. Analogously the free Abelian groups P* over a set P determine an actual
net parameter where we obtain a specific class of place/transition nets that
allows negative tokens.

3. The powerset construction $\mathcal{P}(P)$ over a set P defines two functions
$\mathcal{P} : Sets \to Struct \to Sets$, where $\mathcal{P}(P)$ with union operation is a
semigroup (without the union operation $\mathcal{P}(P)$ is a set), which is the actual net
structure parameter for the class of elementary nets.

4. The actual net structure parameter for the subclass of place/transition nets,
called S-Graphs (see mm), where each transition has exactly one place in
its pre- and postdomain respectively makes use of the compositionality of
the function Net. The corresponding net can be considered as a graph, where
the nodes are the places and the edges are the transitions, that is transitions
are mapped to places by $pre, post : T \to P$. Nevertheless, markings are
elements $m \in P^{\oplus}$ (as usual in place/transition nets) rather than $m \in P$,
which would allow only one token at all in the net, thus the intermediate
construction has to be the free commutative monoid $P^{\oplus}$. This is expressed
by the pair of functions $SC : Sets \to Struct \to Sets$, defined by
$SC : X \mapsto X^{\oplus} \mapsto X$ for each set X.

5. Let $\mathbf{SPEC}$ be the class of all algebraic specifications $SPEC = (S, OP, E)$
with signature $(S, OP)$ and equations E and $Alg(SPEC)$ the class of all
SPEC-algebras A (see [EM85]). Then we obtain a function
$Alg : \mathbf{SPEC} \to ModelClasses$ which is the actual data type parameter for
the class of algebraic high-level nets ( pEb,95jL

6. Let $\mathbf{FOSPEC}$ be the class of all first order predicate logic specifications
$FOSPEC = (\Omega, \Pi, AXIOMS)$ with the signature $(\Omega, \Pi)$ and AXIOMS
being a set of closed formulas, and $FOMod(FOSPEC)$ the class of all
non-empty models satisfying the formulas in AXIOMS. Then we obtain a
function $FOMod : \mathbf{FOSPEC} \to ModelClasses$, which is the actual
data type parameter for the class of predicate/transition nets ( j(TL8lj l.

7. As a uniform approach to Petri nets should comprise low- as well as
high-level nets, we consider low-level nets as a special case of high-level nets with
a data type that yields only one data element, the usual black token. This is
merely a technical extension, because in it has been shown, that these
high-level nets with a trivial data type correspond one-to-one to the usual
low-level nets. The great advantage is that this conception allows us to consider
low- and high-level nets within one uniform approach. In order to be able to
define low-level nets as a special case of high-level nets we define the following
trivial actual data type parameter $Triv : \mathbf{TRIV} \to ModelClasses$,
where the class $\mathbf{TRIV}$ consists only of one element called trivial specification
TRIV, and $Triv(TRIV)$ is the model class, consisting only of one model,
the one-element set {•}, representing a single token.

8. There are also actual data type parameters for the class of colored nets in
the sense of [.lenT/’j, which is based on the functional language ML (see |Pa.rlQfi]).
Note that the theory of institutions allows us to treat different data type
descriptions in the same way, but does not neglect the differences. This is due to
the abstract formulation of this theory. Our uniform approach to Petri nets is
motivated by this abstraction.

Now we are able to define parameterized net classes and their instantiations 
mentioned above. 

Though parameterized net classes cannot yield concrete nets, as the formal 
parameters are not yet actualized, they give rise to abstract Petri nets. Abstract 
Petri nets constitute a pattern for Petri nets consisting of places, transitions, pre- 
and post-domain, specification and a data type model. Nevertheless, neither the 
structure of pre- and post-domain is fixed - due to the net parameter - nor the 
kind of the specification and its model - due to the data type parameter. 

Parameterized Net Classes 

A parameterized net class is defined by a formal net structure parameter 
$(Net, Mod)$ with $Net = G \circ F$ and 
$Mod : \mathbf{SPEC} \to \mathbf{ModelClasses}$; it consists of all abstract 
Petri nets $N = (P, T, SPEC, A, pre, post)$ satisfying the following 
conditions: 

— $P$ and $T$ are sets of places and transitions respectively, 

— $SPEC \in \mathbf{SPEC}$ is the data type specification, 

— $A \in Mod(SPEC)$, called data type model, 

— $pre, post : T \to Net(T_{SPEC} \times P)$ are the pre- and post-domain 
functions, 

where $T_{SPEC}$ is a distinguished model with respect to the specification 
$SPEC$ (e.g. where the elements are congruence classes of terms over the 
specification $SPEC$). 

In the case of low-level nets we have $Mod = Triv$ (see Example CO) and hence 
$SPEC = TRIV$ and $A = \{\bullet\}$, which are omitted as components of a net. 
Since $T_{SPEC}$ consists of a single element, we obtain $N = (P, T, pre, post)$ 
with $pre, post : T \to Net(P)$. 

Other parameterized and actual net classes can be defined by other variants 
of net classes discussed in example ^ In our notion above we only consider the 
basic variant without initial markings, without labels, with only one explicit 
(total) model and without firing conditions for transitions. 

The behavior can be given already for the abstract Petri nets, although the 
abstract Petri net is no “real net” unless the formal parameters are actualized. 
The behavior of abstract Petri nets yields a uniform description of the behavior 
in different Petri net classes: The firing of a transition vector can be defined 
axiomatically using the pair of functions 
$Net : \mathbf{Sets} \xrightarrow{F} \mathbf{Struct} \xrightarrow{G} \mathbf{Sets}$, 
the operation $+$, given by the semigroup structure, and the extensions 
$\overline{pre}$ (resp. $\overline{post}$) of $pre$ (resp. $post$) to the 
semigroup structure. The marking is given by $m \in F(P)$. A transition vector 
$v \in F(T)$ is enabled under $m \in F(P)$ if there exists $\overline{m} \in F(P)$ 
so that $m = \overline{m} \oplus \overline{pre}(v)$. The follower marking 
$m' \in F(P)$ obtained by firing $v$ under $m$ is given by 
$m' = \overline{m} \oplus \overline{post}(v)$. 

The firing of high-level nets involves additionally the assignment of values to 
variables (see Section Ql. 

Example 2. Actual Net Classes A survey of actual net classes defined by the 
actual parameter given in example ^ is given in the table below, where well- 
known net classes are shown as explicit entries in the table while each blank 
entry corresponds to a new or less well-known net class. 



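| Net \ Mod       | Triv              | Alg. Spec.       | Pred. Logic     | ML              | Indexed Sets    |
|-----------------|-------------------|------------------|-----------------|-----------------|-----------------|
| powerset        | Elem. Nets [RT86] | NEW              | PrT-Nets [GL81] | NEW             | NEW             |
| free c. monoid  | P/T-Nets [Rei85]  | AHL-Nets [PER95] | NEW             | CPN ’92 [Jen92] | CPN ’81 [Jen81] |
| free A. group   | neg. P/T-net      | NEW              | NEW             | NEW             | NEW             |
| monoid identity | S-Graph [RT86]    | NEW              | NEW             | NEW             | NEW             |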



In more detail we have: 

— Place/Transition nets defined by $Net = (\_)^{\oplus}$ (see Example l II II) 
are given by $N = (P, T, pre, post)$ with $pre, post : T \to P^{\oplus}$ 
(see Subsections 2.2 and E3 as well as [PER95]). 

— Elementary nets defined by $Net = \mathcal{P}$ (see Example 1 1 Itll) are 
given by $N = (P, T, pre, post)$ with $pre, post : T \to \mathcal{P}(P)$ 
(see Subsection 12.81 as well as [PER95]). 

— S-graphs defined by $Net = SG$ (see Example 1 1 1411) are given by 
$N = (P, T, pre, post)$ with $pre, post : T \to P$. 

— AHL-nets defined by $Net = (\_)^{\oplus}$ and $Mod = Alg$ (see Example 
lllbll) are given by $N = (P, T, SPEC, A, pre, post)$ with 
$pre, post : T \to (T_{OP}(X) \times P)^{\oplus}$. 
Here the distinguished model is the quotient term algebra $T_{OP}(X)$, that is 
$T_{OP}(X)$ are the terms with variables $X$ over $SPEC$. 

— For a presentation of other high-level nets see Section 0 



3 Categorical Approach to Parameterized Net Classes 

The main concepts of parameterized net classes are now expressed in terms of 
category theory. We extend the notion of parameterized net classes studied in 
the previous section by morphisms on different levels. Hence, the classes 
become categories and the corresponding functions become functors in the sense 
of category theory [AHS90]. First we motivate the benefits of morphisms for 
Petri nets. For this purpose we first review net morphisms for place/transition 
nets in algebraic presentation (see Subsection 2.2). Then we discuss the benefit of morphisms in 
this case which is also valid for other types of net classes. Finally, we discuss 
general constructions and results which have been obtained in this framework. 



3.1 Introduction to Categorical Concepts 

Category theory is a universal formalism which is successfully used in several 
fields of mathematics and theoretical computer science. It has been developed 
for about 50 years and its influence can be found in most branches of structural 
mathematics and, for about 25 years in several areas of theoretical computer 
science. In the survey |FCW9fi| it has been shown that the following areas in 
computer science have been influenced by category theory: Automata and system 
theory, flow charts and recursion, λ-calculus and functional languages, algebraic 
specifications, logical systems and type theory, graph transformation, Petri nets 
and replacement systems. The aim of category theory is to present structural 
dependencies and universal notions that can be found in many (mathematical) 
areas and to give a uniform frame independently of internal structures. This uni- 
form frame and the universality of the concepts distinguish category theory as a 
common language for the modeling and analysis of complex structures, as well as 
for a unified view of the development of theories, and for the integration of differ- 
ent theories within computer science. The main purpose of category theory is to 
have a uniform frame for different kinds of mathematical structures, mappings 
between structures, and constructions of structures. The most fundamental no- 
tions in category theory are on the one hand categories consisting of objects and 
morphisms and on the other hand functors defining structure compatible map- 
pings between categories. Another important concept of category theory is that 
of limits and colimits, especially products, equalizers, and pullbacks and the dual 
concepts of coproducts, coequalizers and pushouts. In [Pad96] we especially need 
pushouts and coequalizers corresponding to a union of objects with shared sub- 
objects and the fusion of subobjects, respectively. Universal properties express 
that these constructs are generated. These universal properties imply that the 
corresponding construction is essentially unique. They are strongly exploited for 
the results we obtain in lEsng. Special colimits as pushouts and coequalizers 
are the basis for the just mentioned structuring techniques. Injective pullbacks 
correspond to the intersection of nets. Furthermore, the notions and results for 
rule-based modification depend on these constructions. The marking graph con- 
struction and the realization construction are derived from the net structure, 
and the preservation of colimits by free constructions yields the compatibility of 
the marking graph construction with the structuring techniques (see [Pad96]). 



3.2 Morphisms of Place/Transition Nets 



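Given two place/transition nets $N_1$ and $N_2$ with 
$N_i = (P_i, T_i, pre_i, post_i)$ for $i = 1, 2$ (see algebraic presentation 
in ), a morphism $f : N_1 \to N_2$ of place/transition nets is a pair 
$f = (f_P : P_1 \to P_2, f_T : T_1 \to T_2)$ of functions, such that the 
diagram aside commutes for pre- and post-domain functions respectively. 

$$
\begin{array}{ccc}
T_1 & \overset{pre_1}{\underset{post_1}{\rightrightarrows}} & P_1^{\oplus} \\
{\scriptstyle f_T}\downarrow & & \downarrow{\scriptstyle f_P^{\oplus}} \\
T_2 & \overset{pre_2}{\underset{post_2}{\rightrightarrows}} & P_2^{\oplus}
\end{array}
$$

This means that we have $f_P^{\oplus} \circ pre_1 = pre_2 \circ f_T$ and 
$f_P^{\oplus} \circ post_1 = post_2 \circ f_T$, where 
$f_P^{\oplus} : P_1^{\oplus} \to P_2^{\oplus}$ is defined by 
$f_P^{\oplus}\left(\sum_{p \in P_1} n_p * p\right) = \sum_{p \in P_1} n_p * f_P(p)$. 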



Example 3. Example of Union in Low-Level Nets 



This example illustrates the union of place/transition nets $N_1$ and $N_2$ 
with the interface $N_0$ resulting in $N_3$ (that is 
$N_3 = N_1 +_{N_0} N_2$). The net consists of the subnet $N_1$ (the grey and 
lighter grey colored part) and the subnet $N_2$ (the grey and darker grey 
colored part) sharing the common subnet $N_0$ (the grey colored part). 





3.3 Benefits of Morphisms for Petri Nets 

Similar to Subsection E 3 for place/transition nets morphisms can also be defined 
for all other kinds of Petri nets, including low-level and high-level nets. The main 
benefits - illustrated using place/transition nets - are the following: 

1. A morphism $f : N_1 \to N_2$ of nets allows to express the structural 
relationship between nets $N_1$ and $N_2$. If $f$ is injective (in all 
components) then $N_1$ can be considered as a subset of $N_2$. In general $f$ 
may map different places $p_1$ and $p_1'$ or transitions $t_1$ and $t_1'$ of 
$N_1$ to only one place $p_2$ or one transition $t_2$ of $N_2$. Then only a 
homomorphic image of $N_1$ is a subnet of $N_2$. In fact, there may be 
different morphisms $f, g : N_1 \to N_2$ which correspond to different 
occurrences of the net $N_1$ in the net $N_2$. In Example 01 all morphisms are 
injective such that $N_0$ can be considered as subnet of $N_1$ via $f_1$ and 
of $N_2$ via $f_2$. Moreover, $N_1$ and $N_2$ can be considered as subnet of 
$N_3$ via $g_1$ and $g_2$ respectively. 

2. A bijective morphism $f : N_1 \to N_2$ is called isomorphism. In this case 
the nets $N_1$ and $N_2$ are called isomorphic, written $N_1 \cong N_2$, which 
means that they are equal up to renaming of places and transitions. 

3. The composition of net morphisms $f_1 : N_1 \to N_2$ and 
$f_2 : N_2 \to N_3$ is again a net morphism $f_2 \circ f_1 : N_1 \to N_3$. 
Moreover, this composition is associative and for each net $N$ there is an 
identity morphism $id_N : N \to N$ such that we have 
$f_1 \circ id_{N_1} = f_1$ and $id_{N_2} \circ f_1 = f_1$ for all 
$f_1 : N_1 \to N_2$. This means that the class of all nets together with all 
net morphisms constitutes a category. This allows to apply constructions 
and results from category theory to different types of nets and net classes. 
Note, that each pair $(Net, Mod)$ of actual parameters defines an actual net 
class (see Example 2) which is the object class of the corresponding category. 

4. Morphisms can be used to define the horizontal structuring of nets, for 
example the net $N_3$ in Example 0 as union of $N_1$ and $N_2$ via the common 
subnet $N_0$. Vice versa, the nets $N_1$ and $N_2$ with subnet $N_0$ 
(distinguished by morphisms $f_1 : N_0 \to N_1$ and $f_2 : N_0 \to N_2$) can 
be composed leading to net $N_3 = N_1 +_{N_0} N_2$. In fact, this union of 
nets is also a pushout construction in the corresponding category. This allows 
to apply general results of category theory like composition and decomposition 
properties of pushouts to the union construction of nets, for example 
associativity and commutativity of union up to isomorphism. 

5. Morphisms can also be used to define refinement of nets. In several cases 
more general morphisms than those in Subsection 1,4. 'Zl should be considered 
for this purpose. One simple generalization is to replace 
$f_P^{\oplus} : P_1^{\oplus} \to P_2^{\oplus}$ generated by 
$f_P : P_1 \to P_2$ by an arbitrary monoid homomorphism 
$f_P : P_1^{\oplus} \to P_2^{\oplus}$. This allows to map one place $p_1$ in 
$P_1$ to a sum of places, that is $p_1 \mapsto \sum n_p * p$ for $p \in P_2$, 
which is important for refinement. 
In IPOHllhl we introduce various morphisms that preserve safety properties 
in the sense of mm . These are illustrated in the examples in Section 0 

6. A morphism $f : N_1 \to N_2$ of place/transition nets preserves the firing 
behavior: If transition vector $v \in F(T)$ is enabled under marking $m$ in net 
$N_1$ leading to marking $m'$, that is $m[v\rangle m'$, then also the 
transition $f_T(v)$ is enabled under marking $f_P^{\oplus}(m)$ in net $N_2$ 
leading to marking $f_P^{\oplus}(m')$, that is 
$f_P^{\oplus}(m)[f_T(v)\rangle f_P^{\oplus}(m')$. In a similar way morphisms 
preserve the firing behavior also for other types of nets. Specific kinds of 
net morphisms can be considered to preserve other kinds of Petri net 
properties, for example deadlock-freeness. Especially, isomorphisms preserve 
all kinds of net properties which do not depend on a specific notation. 
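
The morphism condition of Subsection 3.2 and the firing preservation of item 6 can be checked mechanically. The following Python sketch is an added example, not code from the original chapter; the two sample nets, the maps F_P, F_T, BAD_F_P and all function names are constructed for illustration, and transition vectors are mapped with the multiset extension of f_T.

```python
from collections import Counter

# Elements of the free commutative monoid P^(+) (markings, pre- and
# post-domains) are multisets, represented here as collections.Counter.

def msum(*multisets):
    """Monoid operation (+): multiset sum, with zero entries dropped."""
    total = Counter()
    for m in multisets:
        total.update(m)
    return +total


def lift(f, multiset):
    """f^(+): extend a map on generators to multisets, e.g. f_P^(+)."""
    out = Counter()
    for x, n in multiset.items():
        out[f[x]] += n
    return +out


def extend(fn, vector):
    """Extend pre or post : T -> P^(+) to a homomorphism T^(+) -> P^(+)."""
    return msum(*(Counter({p: n * k for p, n in fn[t].items()})
                  for t, k in vector.items()))


def fire(net, marking, vector):
    """Follower marking m' of m[v>m', or None if v is not enabled under m."""
    need = extend(net["pre"], vector)
    m_bar = Counter(marking)
    if any(m_bar[p] < n for p, n in need.items()):
        return None                      # no m_bar with m = m_bar (+) pre(v)
    m_bar.subtract(need)
    return msum(m_bar, extend(net["post"], vector))   # m' = m_bar (+) post(v)


def is_morphism(n1, n2, f_p, f_t):
    """Both squares commute: f_P^(+) o pre_1 = pre_2 o f_T, same for post."""
    return all(lift(f_p, n1[k][t]) == n2[k][f_t[t]]
               for k in ("pre", "post") for t in n1[k])


def preserves_step(n1, n2, f_p, f_t, marking, vector):
    """If m[v>m' in N_1, check that the image step in N_2 reaches f_P^(+)(m')."""
    m_next = fire(n1, marking, vector)
    if m_next is None:
        return True                      # nothing to preserve
    image = fire(n2, lift(f_p, marking), lift(f_t, vector))
    return image == lift(f_p, m_next)


# Constructed sample nets: N_1 has two parallel branches, N_2 folds them.
N1 = {"pre":  {"t1": Counter(a1=1), "t2": Counter(a2=1)},
      "post": {"t1": Counter(b=1),  "t2": Counter(b=1)}}
N2 = {"pre":  {"t": Counter(a=1)},
      "post": {"t": Counter(b=1)}}
F_P = {"a1": "a", "a2": "a", "b": "b"}       # non-injective on places
F_T = {"t1": "t", "t2": "t"}                 # non-injective on transitions
BAD_F_P = {"a1": "a", "a2": "a", "b": "a"}   # breaks the post square

if __name__ == "__main__":
    m = Counter(a1=1, a2=1)
    v = Counter(t1=1, t2=1)                  # parallel firing of t1 and t2
    print(is_morphism(N1, N2, F_P, F_T), is_morphism(N1, N2, BAD_F_P, F_T))
    print(fire(N1, m, v), fire(N2, lift(F_P, m), lift(F_T, v)))
    print(preserves_step(N1, N2, F_P, F_T, m, v))
```

The folding map is a morphism although it is not injective, which is the situation described in item 1: only a homomorphic image of N_1 is a subnet of N_2.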

3.4 Parameters of Net Classes Based on Functors 

The parameters of net classes considered in Section 2 are expressed in terms of 
categories and functors instead of classes and functions. In more detail the 
classes of sets, structures, specifications, and model classes are extended by 
suitable morphisms leading to categories $\mathbf{Sets}$ of sets, 
$\mathbf{Struct}$ of structures, $\mathbf{SPEC}$ of specifications, and 
$\mathbf{ModelClasses}$ of model-classes, and for each 
$SPEC \in \mathbf{SPEC}$ a category $\mathbf{Mod}(SPEC)$ of $SPEC$-models. 
Moreover, the functions are extended to become functors: 
$Net : \mathbf{Sets} \xrightarrow{F} \mathbf{Struct} \xrightarrow{G} \mathbf{Sets}$, 
the net structure parameter and 
$Mod : \mathbf{SPEC}^{op} \to \mathbf{ModelClasses}$, the data type 
(formalism) parameter. Note, that we use an overloaded notation, where 
$\mathbf{Sets}$, $\mathbf{Struct}$, $\mathbf{SPEC}$, $\mathbf{ModelClasses}$, 
and $\mathbf{Mod}(SPEC)$ denote classes and $Net$, $F$, $G$, and $Mod$ denote 
functions in Section El while they denote categories and functors 
respectively in this section. In fact, all the examples of actual parameters of 
net classes given in Example Q can be extended to universal parameters of net 
classes with well-known categories and functors (see Sections 0 and Q). 

Parameterized classes have the actual parameters $(Net, Mod)$ that are 
functors. In this case we have in addition to the abstract Petri nets 
$N = (P, T, SPEC, A, pre, post)$ of the corresponding parameterized net class 
also abstract Petri net morphisms $f : N_1 \to N_2$ leading to the 
corresponding category. In the case of low-level net patterns 
$N_i = (P_i, T_i, pre_i, post_i)$ for $i = 1, 2$ of type $(Net, Mod)$ an 
abstract Petri net morphism $f : N_1 \to N_2$ is a pair of functions 
$f = (f_P : P_1 \to P_2, f_T : T_1 \to T_2)$ such that 
$pre_2 \circ f_T = Net(f_P) \circ pre_1$ and 
$post_2 \circ f_T = Net(f_P) \circ post_1$. In the special case 
$Net = (\_)^{\oplus}$ we obtain the notion of morphisms for place/transition 
nets (see Subsection 3.2). 
Moreover, these morphisms preserve the firing behavior of Petri nets. 



The Formal Net Structure Parameter 

The net structure parameter is given by the functor 
$Net : \mathbf{Sets} \xrightarrow{F} \mathbf{Struct} \xrightarrow{G} \mathbf{Sets}$ 
where $Net = G \circ F$ and the functor $F$ is a free functor with respect to 
the forgetful functor $G$. We only consider the net structure parameter 
of place/transition nets in more detail (see Example l llll): 

Let $\mathbf{Struct} = \mathbf{CMon}$ be the category of commutative monoids, 
$F : \mathbf{Sets} \to \mathbf{CMon}$ the free commutative monoid 
construction, that is $F(P) = (P^{\oplus}, 0, \oplus)$, 
$G : \mathbf{CMon} \to \mathbf{Sets}$ the forgetful functor, defined by 
$G(M, e, \circ) = M$, forgetting only about the neutral element $e$ and the 
monoid operator $\circ$. Then 
$Net : \mathbf{Sets} \to \mathbf{CMon} \to \mathbf{Sets}$ with 
$Net(P) = P^{\oplus}$ is the universal net structure functor for the class of 
place/transition nets. 

In fact, $F$ is a free functor with respect to $G$, because for each set $P$ 
the free construction $F(P) = (P^{\oplus}, 0, \oplus)$ together with the 
inclusion $u_P : P \to G \circ F(P) = P^{\oplus}$ satisfies the following 
universal property: For each commutative monoid $(M, e, \circ)$ and each 
function $f : P \to G(M, e, \circ) = M$ there is a unique monoid homomorphism 
$\overline{f} : F(P) = (P^{\oplus}, 0, \oplus) \to (M, e, \circ)$ such that 
$G(\overline{f}) \circ u_P = f$: 

$$
\begin{array}{ccc}
P & \xrightarrow{\;u_P\;} & G(F(P)) \\
 & {\scriptstyle f}\searrow & \downarrow{\scriptstyle G(\overline{f})} \\
 & & G(M, e, \circ) = M
\end{array}
$$

In fact, $\overline{f} : (P^{\oplus}, 0, \oplus) \to (M, e, \circ)$ is 
uniquely defined by $\overline{f}(0) = e$ and 
$\overline{f}\left(\sum_{p \in P} n_p * p\right) = \sum_{p \in P} n_p * f(p)$. 
This universal property allows to extend the pre- and postdomain functions of 
place/transition nets $pre, post : T \to P^{\oplus}$ - and similar for other 
types of nets - to monoid homomorphisms 
$\overline{pre}, \overline{post} : T^{\oplus} \to P^{\oplus}$ and hence to 
parallel firing of transitions. 




The Formal Data Type Formalism Parameter 

The data type (formalism) parameter is given by 
$Mod : \mathbf{SPEC}^{op} \to \mathbf{ModelClasses}$ where $Mod$ is a 
contravariant functor from $\mathbf{SPEC}$ to $\mathbf{ModelClasses}$ in the 
sense of category theory [AHS90]. We use the idea of specification frames 
|EljC()HnKhjE()?Hl| for the representation of the data type formalism 
parameter. According to the main concepts of algebraic specifications, for 
each signature there is a category $\mathbf{Cat}(S)$ of models. Also 
signatures and signature morphisms constitute a category. The categorical 
formulation of these concepts is given by a functor $Cat$ that provides for 
each signature its category of models. Moreover, each signature morphism 
implies a forgetful functor in the opposite direction. More formally, for each 
signature morphism $f_S : S_1 \to S_2$ we can map models of $S_2$ to models of 
$S_1$, that is $V_{f_S} : \mathbf{Cat}(S_2) \to \mathbf{Cat}(S_1)$. For each 
model $M_2 \in \mathbf{Cat}(S_2)$ there is 
$V_{f_S}(M_2) \in \mathbf{Cat}(S_1)$, the model $M_2$ restricted to the syntax 
of $S_2$. This construction is generalized by a suitable (contravariant) 
functor $Cat : \mathbf{ASIG}^{op} \to \mathbf{CATCAT}$. 

In fact $\mathbf{CATCAT}$ is not a proper category, but only a quasi-category 
in the sense of (see Definition 3.49 there). This basic idea is extended to 
obtain suitable data type formalisms parameter for high-level abstract Petri 
nets. This extension involves a natural transformation, which can be regarded 
as mapping of functors. This mapping is given by a family of morphisms, 
relating the target objects of both functors. We use this concept to relate 
the model of the data type signature with the set of places. 



3.5 Uniform Constructions and Results 

In Section 0 we have shown how to obtain several well-known and new net classes 
in a uniform way by the notion of parameterized and actual net classes. Now we 
raise the question, how far it is possible to obtain well-known results for each 
of these net classes in a uniform way. At first sight this seems hopeless, because 
each type of Petri net has its own notation and own kind of problems, although 
the general idea of most constructions and results is quite similar. However, the 
presentation of net classes as instances of parameterized net classes opens the 
way to study the theory on the level of parameterized net classes rather than 
for specific actual ones. In the following we summarize some main constructions 
and results for abstract Petri nets in the terminology of this paper. In this way 
we obtain uniform constructions and results for all the actual net classes (see 
Example 2) which are instantiations of parameterized net classes: 

1. There is a uniform notion of abstract Petri nets, their marking, enabling and 
firing of transitions (see Definitions El and . 

2. There is a uniform notion of morphisms for abstract Petri nets leading to 
the corresponding category. This category is cocomplete, which includes as 
special cases existence and construction of pushouts and coequalizers corre- 
sponding to union and fusion of nets (see Definition ITBl Theorem 0). 

3. Morphisms preserve the firing of transitions (see Theorems 0 and 0) . 

4. Firing of transitions can be extended to parallel and concurrent firing in a 
uniform way (see Subsection 18.81 and Theorem 0 . 

5. In the case of low level nets there is a uniform construction of the marking 
graph of a net in terms of F-graphs and a characterization of all those F- 
graphs, which are realizable by nets in the net class defined by Net = Go F 
(see [Pad96]). 

6. There is a uniform construction of the operations union and fusion for nets 
in the sense of |S2|, which are most important for horizontal structuring 
of nets (see Definitions E] and 1^ . 

7. Important results concerning independence and parallelism of rule-based re- 
finement - developed first in the theory of graph grammars - have been ex- 
tended to parameterized net classes. Under certain independence conditions 
rule-based refinement is shown to be locally confluent. Moreover, the parallel 
application of rules is possible. These parallel rules can be sequentialized in 
arbitrary order, provided they are independent (see Theorem 0 Theorem 0 
and Theorem 0 

8. Refinement is an essential technique for vertical structuring of the software 
development process. Several refinement notions are known in the Petri net 
literature (see for example [BGV90]). Rule-based refinement can comprise 
these, provided they are based on morphisms. Examples are transition-gluing 
and place-preserving morphisms that refine nets so that safety properties are 
preserved. 

9. Horizontal structuring of nets based on union and fusion is compatible with 
rule-based modification of nets, provided that certain independence condi- 
tions are satisfied (see Theorems Q and EJ • 

10. There is a uniform construction of flattening from high-level abstract Petri 
nets of to low-level abstract Petri nets (see [Pad96]). 

4 Applications of Parameterized Net Classes 

We now give two applications of our results in specific net classes that are 
instantiations of parameterized net classes. A detailed version of these 
applications has been already presented in [PGH99, Erm96, EPE96]. The first 
application is given in terms of algebraic high-level nets (see Example 0 . The second application in 
Subsection lO is given in terms of place/transition nets. This category is ob- 
tained by actualization of parameterized net classes using the actual parameter 
given in Example ^ 

Note that we have examples and applications at different levels of abstraction. 
Examples at the level of net classes are given as examples for instantiations of 
parameterized net classes (e.g. Examples ^ or 0 . These are instantiations of 
the general notion of abstract Petri nets. Moreover, these examples constitute 
a specific Petri net class together with a corresponding theory for this class. 
In contrast to these examples at a high level of abstraction the applications we 
present subsequently are examples at a lower level of abstraction. This means 
we illustrate our notions within a specific net class that is an example itself for 
the instantiation of parameterized net classes. 

4.1 Requirements Engineering for a Medical Information System [EPE96] 

We now justify our concepts of horizontal structuring and rule-based refinement 
by sketching their role in the case study (see [Erm96, EPE96]). 

The medical information system, called Heterogeneous Distributed Informa- 
tion Management System (HDMS), has been a large project, that included the 
whole reorganization of the medical and management data of the German Car- 
diac Center Berlin, Deutsches Herz-Zentrum Berlin (DHZB). This project has 
been developed by the Projektgruppe Medizin/Informatik (PMI) at the DHZB 
and the Technical University Berlin. The DHZB is a clinical center which is ded- 
icated to the treatment of all kinds of cardiac diseases. It is a specialized hospital 
which lacks many of the typical features normal hospitals have, for example there 
are no emergency admission or general clinical laboratories. The high grade of 
necessary machine support inherent in most of the medical treatments concern- 
ing the human heart motivate the need of an integrated and complete computer 
support. In fact, many computers and other electronic devices have been already 
used and have been necessary in many of the medical areas. Most surgeries or 
intensive care urgently require very fast and ‘intelligent’ machines. Even an x-ray 
device is a sort of a computer and the recording, the saving and the diagnos- 
tic radiology of x-ray films or angiographic films is rather impossible without 
computer systems. 

The aim of the project has been the development of a support and information 
system for all activities of the medical and the non-medical personnel at the 
DHZB, which is able to digitally record and store all medical data which are 
produced during the treatment of DHZB patients, which is able to communicate 
these data within the whole system and to present these in a unique form at the 
user interface for further human processing{ [FHM()91|ICTTO|V 

An adequate, formal requirements engineering has been the aim of this case 
study. We first introduce the actual state analysis of the core of the German 
Heart Center Berlin (DHZB). The integration of routines and documents is 
achieved by using algebraic high-level nets. Hence, in the case study 
[Erm96, EPE96] the actual state description and its development towards the 
functional essence is shown as an algebraic high-level net. The presentation of the actual 
state involves several algebraic high-level nets and uses the structuring tech- 
niques union and fusion (as introduced in Section 0. The case study concerns 
the development of the actual state towards the functional essence. This involves 
mainly abstraction from irrelevant routines and documents. The transition from 
actual state to functional essence is realized using concepts of rule-based refine- 
ment. The algebraic high-level nets modeling the actual state contain about 130 
places and 50 transitions. The transition from actual state to functional essence 
comprises about 100 rules. Different strategies for the development of software 
systems demand independence of different refinement steps and independence 
from structuring. The possibility of local refinement that is valid for the global 
system is crucial for the practical relevance of such a formalism for requirements 
engineering. That means refinement cannot be achieved for the whole system, 
as this requires abolishing the structuring. Hence, refinement of the whole net 
has to be derived from the local refinement. The compatibility of structuring 
and rule-based refinement meets this demand. In [Erm96] this compatibility has 
been shown on the basis of compatibility between fusion and union and rule- 
based refinement according to Theorems 0 and |H1 

4.2 Developing a Model of an Elevator [PGH99] 

In this subsection we stepwise develop a Petri net model of an elevator. The 
development of the model goes along with the development of safety properties 
for the model. These safety properties have to be proven only when introducing 
them, because they are preserved by all further modifications of the model. So 
this example makes use of the results mentioned in Subsection namely items 
0 IHl and 0 

Some basic notions of the models (place/transition nets), temporal logic 
formulas, and refinement of models by transformations are given on an intuitive 
level in order to explain the example. We distinguish two major steps in the 
modeling of the elevator. First we derive a simple elevator which can arbitrarily 
move up and down. This model is equipped in a second step with a simple control 
mechanism to call the elevator. The first floor of the elevator is modelled by the 
net given in Figure 0 Analogously to graph grammars we call this initial model 
start net. There is a floor denoted by $f$ and two states of the door. The places 
$dc$ and $do$ denote a closed, respectively opened door. The state of doors can be 
changed by the transitions $o$ and $c$ meaning opening and closing. The elevator 
can either go up, modelled by transition $u$, or come down, by transition $d$. From 
the viewpoint of the first floor, the elevator vanishes by going up. Analogously, 
it appears by coming down in an unpredictable way, that is the pre domain of $d$ 
is empty. The initial marking $M_0 = f \oplus dc$ denoted by black dots expresses that 
there is an elevator and the door is closed. Together with the start net $E_0$ there 
is given a safety property. For security reasons it should always be guaranteed 
that if the door stands open the elevator is on the floor. 

Fig. 1. Start Net $E_0$ 



This is expressed by the temporal logic formula at the bottom line of Figure Q 
Intuitively, a temporal logic formula states facts about the markings and is 
given in terms of numbers of tokens on places. That is, the static formula 
$5a \wedge 2b$ is true for a marking $M$ where at least 5 tokens are on place 
$a$ and at least 2 tokens are on place $b$. The always operator $\Box$ in an 
invariant formula $\Box(5a \wedge 2b)$ states that this is true for all 
reachable markings from $M$. 

In our case the safety property $\Box\, do \Rightarrow f$, meaning that “At any 
time, if the door is open then the elevator is on the floor” is satisfied. In 
fact, we can argue as follows: The formula $do \Rightarrow f$ is satisfied in 
the initial state. Moreover, $u$ is the only transition which deletes the token 
on $f$ and therefore may violate the formula. After its firing, $o$ — the only 
transition to change the state of the door — is not enabled. Therefore, the 
door stays closed. Summarizing, the formula $do \Rightarrow f$ is always 
satisfied. We are now going to enhance the model with further floors and 
request buttons. This will be done by adding floors to the start net, i.e. the 
application of the rules $r_{int}$ and $r_{fin}$ given in Figures El and 0 
Application of a rule to a place/transition net informally means replacing a 
subnet specified by the left-hand side of the rule with the net specified by 
the right-hand side. As the left-hand sides of $r_{int}$ and $r_{fin}$ are 
empty, we simply add the right-hand side to the (start) net. The property 
which should hold for each floor separately is again that the doors must be 
closed if the elevator is not in that floor. 
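
The safety argument for the start net can be replayed by exploring reachable markings. The following Python sketch is an added example, not code from the original chapter; because the figure of the start net is not reproduced here, the arcs in PRE and POST are an assumption reconstructed from the prose (o and u both need the closed door and the elevator on the floor, d has an empty pre-domain), and the weakened variant is constructed to show a violation. Since d can always add tokens to f, the search is bounded and is a check, not a proof.

```python
from collections import Counter, deque

# Assumed arcs of the start net E_0 (places f, dc, do; transitions o, c, u, d).
PRE = {"o": {"f": 1, "dc": 1}, "c": {"do": 1}, "u": {"f": 1, "dc": 1}, "d": {}}
POST = {"o": {"f": 1, "do": 1}, "c": {"dc": 1}, "u": {"dc": 1}, "d": {"f": 1}}
M0 = {"f": 1, "dc": 1}          # initial marking M_0 = f (+) dc

# Constructed weak variant: u may fire regardless of the door state.
WEAK_PRE = dict(PRE, u={"f": 1})
WEAK_POST = dict(POST, u={})


def fire(pre, post, marking, t):
    """Follower marking after firing transition t, or None if t is disabled."""
    m = Counter(marking)
    if any(m[p] < n for p, n in pre[t].items()):
        return None
    m.subtract(pre[t])
    m.update(post[t])
    return +m                   # drop places that became empty


def door_open_implies_on_floor(m):
    """Static formula do => f: a token on do requires a token on f."""
    return m["do"] == 0 or m["f"] >= 1


def find_violation(pre, post, m0, holds, max_tokens=3):
    """Breadth-first search over markings with at most max_tokens per place.

    Returns the shortest firing sequence that reaches a marking violating
    `holds`, or None if no explored marking violates it.
    """
    start = +Counter(m0)
    queue = deque([(start, [])])
    seen = {frozenset(start.items())}
    while queue:
        m, trace = queue.popleft()
        if not holds(m):
            return trace
        for t in sorted(pre):
            nxt = fire(pre, post, m, t)
            if nxt is None or max(nxt.values(), default=0) > max_tokens:
                continue
            key = frozenset(nxt.items())
            if key not in seen:
                seen.add(key)
                queue.append((nxt, trace + [t]))
    return None


if __name__ == "__main__":
    print(find_violation(PRE, POST, M0, door_open_implies_on_floor))
    print(find_violation(WEAK_PRE, WEAK_POST, M0, door_open_implies_on_floor))
```

In the weak variant the search returns the sequence o, u: the door is opened and the elevator then leaves, which is exactly the case the side condition on u excludes.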







Fig. 2. Rule for Introducing an Intermediate Floor 



Correspondingly, the rules are introducing new safety properties depicted at the 
bottom of the net in the right-hand side. The formula $\Box\, do \Rightarrow f$ 
is satisfied for the net in the right-hand side of the rule, which can be seen 
analogously to the start net $E_0$. Applying these rules, of course, we do not 
want to lose the safety property, which we already proved for the start net. 
Moreover, the introduced safety properties should be propagated to the 
resulting net. The preservation of old safety properties and the satisfaction 
of the newly introduced safety properties is stated in Theorem 3 in [PGH99]. 
This means that the resulting net satisfies all the safety properties 
introduced by the rules and also all originally stated safety properties in 
the start net. 

The application of the rule $r_{fin}$ depicted in Figure 0 and iterated 
application of the intermediate rule $r_{int}$ yields an elevator with many 
(disconnected) floors and corresponding safety conditions. In order to connect 
the floors we have to identify the up-going of the elevator from one floor 
with the coming-from-below from the next floor. This is achieved by the rule 
$r_{glu}$ in Figure 0 that glues the corresponding transitions. It is 
compatible with the safety properties. Hence in the derived net still all 
safety properties hold. 

Fig. 3. Rule $r_{fin}$ for Introducing the Final Floor 

Fig. 4. Rule $r_{glu}$ for Gluing Transitions 

A sample transformation sequence $E_0 \Longrightarrow E_1 \Longrightarrow E_2$ 
yields the model $E_2$ of a simple elevator depicted in Figure 0 where $+$ 
designates the parallel application of the rules $r_i$ and $r_j$. 

The set of safety properties satisfied by $E_2$ is given by 
$\{\Box\, do_1 \Rightarrow f_1,\ \Box\, do_2 \Rightarrow f_2,\ \Box\, do_3 \Rightarrow f_3\}$. 
This means that for all floors the safety property “At any time, if the door 
is open then the elevator is on the floor” holds. For enhancing this simple 
model, we want to add a simple control mechanism for calling the elevator. 
Three rules $r_{rq\_fin}$, $r_{rq\_int}$, and $r_{rq\_exc}$ introduce 
exclusive requests to the elevator $E_2$. If there is a request at a floor, 
the elevator may not leave that floor, unless the door has been opened and 
subsequently closed. 

Fig. 5. Simple Elevator $E_2$ 






The insertion of requests to floors where only one direction of movement is possible
is described by rule $r_{rq\_fin}$. The marked place nrq designating no request and
transition r (requesting) are added. Furthermore, the elevator may only move
if there is no request on this floor, which is captured by an additional arc to the
transition m. By closing of the door the request is cleared, which is modelled
by the additional arc from c to nrq. Similarly, rule $r_{rq\_int}$ - not depicted in
this paper - describes the insertion of requests to intermediate floors. The last
rule $r_{rq\_exc}$ describes the mutual exclusion of the requests. All the rules $r_{rq\ldots}$ do
not change the environment of places, i.e. they also preserve safety properties.



Applying them to our simple elevator $E_2$ via
$E_2 \overset{r_{rq\_fin} + r_{rq\_fin} + r_{r\ldots}}{\Longrightarrow} E_3$
results in an elevator $E_3$ with a request mechanism. For the definition of this
parallel application we use the results stated in Subsection 13.51 namely item 0
and 0. The main advantage of our approach is that we do not have to prove
the safety property in the net $E_3$ but just for the start net and for the rule
introducing new safety properties. By these we could add further safety properties,
which were preserved by transition gluing as well as place preserving rules.
For software development this significantly decreases the cost of proving safety
properties.



Part II: 

Theory of Parameterized Net Classes 
Based on Abstract Petri Nets 

In Part II we introduce the formal foundation of parameterized net classes based 
on abstract Petri Nets and present the main results for parameterized net classes. 
The net structure and data type parameter of high-level abstract Petri nets are 
integrated orthogonally, so that different combinations are possible. The gen- 
eral theory of high-level abstract Petri nets allows us to define the operational 
behavior on an abstract level, to show its compatibility with net morphisms 
and to prove that the corresponding category of high-level abstract Petri nets is 
finitely cocomplete. The existence of specific colimit constructions is essential in 
order to apply general results concerning structuring and rule-based refinement 
to abstract Petri nets. In Section 5 we define low-level abstract Petri nets based
on a net structure functor, the data type formalism is introduced in Section 6
leading to high-level abstract Petri nets in Section 7. In Section 0 we study rule-
based refinement and horizontal structuring. Rule-based refinement is studied 
within the frame of high-level replacement systems. Results concerning indepen- 
dence, and parallelism of derivations, as given in p^;HKP9l'h] . are extended to 
a new type of rules, which allow us to consider different kinds of refinement as 
special cases jPadDflb) . Horizontal structuring is given by the notions of union 
and fusion, motivated by the constructions in but they are defined in a 

categorical way independently of Petri nets. These results are the formal basis 
for the notions and results presented in the Examples in Sectional 

5 Low-Level Abstract Petri Nets

In this section we introduce a categorical version of Petri nets, called low-level
abstract Petri nets. The constructions used in Section 2, free monoids for
place/transition nets, the powerset construction for elementary nets and the
construction for S-graphs, are special cases of a categorical construction, that states
that the constructions are generated or free and that a universal property with 
respect to all other objects exists. Low-level abstract Petri nets are based on 
a functor Net = G o F, which is the composition of such a left-adjoint func- 
tor F and the corresponding right-adjoint functor G. Instantiations of low-level 
abstract Petri nets to various low-level nets have been given in Section 0 

Definition 1 (Net Structure Functor).

1. We assume to have two categories Sets and Struct, called category of structure,
and functors $F \dashv G : \mathbf{Struct} \to \mathbf{Sets}$, where $F$ is left adjoint to
$G$ with universal morphisms 'y^ : $S \to G \circ F(S)$ for all sets $S$ in Sets.
The composition

$$Net = G \circ F : \mathbf{Sets} \to \mathbf{Sets}$$

is called net structure functor.

2. Furthermore let Struct be some category with commutative semigroups as 
objects. 

The basis for low-level abstract Petri nets are sets, which are used to gen- 
erate some structure. This structure, given by the category Struct defines the 
structure of the places and hence the markings. The second condition provides 
the addition, that is needed for the definition of firing and has not been included 
in [PKETITj . This condition ensures that each object in Struct is supplied with 
an associative operation $+$.

Definition 2 (Low-Level Abstract Petri Nets). A low-level abstract Petri
net $N = (T, P, pre, post)$ is given by sets $T$ and $P$, called transitions and places,
and functions $pre, post : T \to Net(P)$ called pre- and postcondition of $T$, where
$Net = G \circ F : \mathbf{Sets} \to \mathbf{Sets}$ with $F \dashv G : \mathbf{Struct} \to \mathbf{Sets}$ is a net structure
functor (see Definition 1).

The characterization of the operational behavior of low-level abstract Petri 
nets uses the adjunction, that is given by the net structure functor. The unique 
extensions allow the definition of enabling and the computation of the follower 
marking using the addition given in the category Struct. 

Definition 3 (Marking, Enabling, Firing). Given a low-level abstract Petri
net with $N = (T, P, pre, post)$ and the unique extensions of $pre$ and $post$, namely
$\overline{pre}$ and $\overline{post}$:

1. The marking of a low-level abstract Petri net is given by $m \in F(P)$.

2. A transition vector is defined by $v \in F(\{t\})$.

3. $v \in F(\{t\})$ is enabled under $m \in F(P)$ if there exists $\hat{m} \in F(P)$ so that
$m = \hat{m} + \overline{pre}(v)$.

4. The follower marking $m' \in F(P)$ obtained by firing $v$ under $m$ is given
by: $m' = \hat{m} + \overline{post}(v)$.

In case of a unique +-complement $\hat{m}$ with $m = pre(t) + \hat{m}$, we obtain a unique
follower marking as well. This is the case for place/transition nets, because the
+-complement for free commutative monoids is unique (see Example lllll).

If the +-complement is not unique, it has to be specified by additional condition
in the specific instance. This is the case for elementary nets, where the
$\cup$-complement is not unique, but can be easily specified more precisely, demanding
the usual complement on sets (see Example lll'lll).

Next we define the category LLAPN of low-level abstract Petri nets, where
we use a generated homomorphism for the mapping of the places. These morphisms
are more restricted than the monoid-homomorphisms in [MM90], as our
kind of morphisms do not allow to map a place to a sum of places. But their
advantage are the structuring techniques presented in Section 0 that cannot be
obtained with usual monoid-homomorphisms (see [MM90] p. 115: The category
Petri is not cocomplete).



Definition 4 (Category LLAPN of Low-Level Abstract Petri Nets).
Given low-level abstract Petri nets $N_i = (T_i, P_i, pre_i, post_i)$ with $i = 1, 2$ a
low-level abstract Petri net morphism $f : N_1 \to N_2$ is given by a pair
$f = (f_T, f_P)$ of functions $f_T : T_1 \to T_2$, $f_P : P_1 \to P_2$ such that we have
compatibility of the pre- and postdomain, that is the following diagram commutes
separately for pre- and postconditions.

$$\begin{array}{ccc}
T_1 & \overset{pre_1}{\underset{post_1}{\rightrightarrows}} & Net(P_1) \\
{\scriptstyle f_T}\downarrow & & \downarrow{\scriptstyle Net(f_P)} \\
T_2 & \overset{pre_2}{\underset{post_2}{\rightrightarrows}} & Net(P_2)
\end{array}$$

Low-level abstract Petri nets together with low-level abstract Petri net morphisms
yield the category LLAPN of low-level abstract Petri nets.



The LLAPN-morphisms defined above preserve firing, that is if a transition 
of the source net is enabled, then the image of the transition in the target net is 
enabled as well. Moreover the follower marking of the source net is mapped to 
the follower marking of the target net. 

Theorem 1 (LLAPN-Morphisms Preserve Firing). Given an LLAPN-morphism
$f : N_1 \to N_2$ (as in Definition 4) and let $v \in F(\{t\})$ with $t \in T_1$
be enabled under $m$
(that is $\exists \hat{m} \in F(P_1) : m = \hat{m} + \overline{pre_1}(v)$ and the follower marking $m' \in F(P_1)$
is given by $m' = \hat{m} + \overline{post_1}(v)$),
then:

1. $F(f_T)(v)$ is enabled under $F(f_P)(m)$:

$$F(f_P)(m) = F(f_P)(\hat{m}) + \overline{pre_2} \circ F(f_T)(v)$$

2. the follower marking after firing $F(f_T)(v)$ is preserved:

$$F(f_P)(m') = F(f_P)(\hat{m}) + \overline{post_2} \circ F(f_T)(v)$$

This theorem is a special case of Theorem Q, so we refer to that proof in
Appendix IH.II

Examples of instances of low-level Petri nets have been briefly discussed
in Subsections to H.41 In some more detail you find examples in another
contribution to this book, namely in [IPEP.nij .
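
The following Python sketch is an added illustration and not part of the original text. It instantiates Definition 3 for place/transition nets (markings as multisets, unique +-complement) and for elementary nets (markings as sets, non-unique union-complement), and checks the statement of Theorem 1 on a small constructed morphism; all function names, the nets N1 and N2 and the maps F_T, F_P are assumptions made for the example.

```python
from collections import Counter
from itertools import combinations

# Place/transition instance: F(P) is the free commutative monoid over P,
# represented as a Counter (multiset); + is multiset addition.

def extend(f, v):
    """Unique extension of f : T -> F(P) to a homomorphism F(T) -> F(P)."""
    total = Counter()
    for t, n in v.items():
        for p, k in f[t].items():
            total[p] += n * k
    return total

def pt_complement(m, x):
    """The unique m_hat with m = m_hat + x, or None if no complement exists."""
    if any(m[p] < k for p, k in x.items()):
        return None
    return m - x  # Counter subtraction drops places whose count reaches 0

def pt_fire(net, m, v):
    """Follower marking m' = m_hat + post(v), or None if v is not enabled."""
    m_hat = pt_complement(m, extend(net["pre"], v))
    return None if m_hat is None else m_hat + extend(net["post"], v)

# Elementary-net instance: F(P) is the powerset of P, + is set union.

def en_complements(m, x):
    """All m_hat with m = m_hat | x; there are 2**len(x) of them if x <= m."""
    if not x <= m:
        return []
    rest, xs = m - x, sorted(x)
    return [rest | frozenset(c)
            for r in range(len(xs) + 1) for c in combinations(xs, r)]

def en_usual_complement(m, x):
    """The complement singled out in the text: the usual set complement."""
    return m - x if x <= m else None

# LLAPN morphisms for the place/transition instance (Definition 4, Theorem 1).

def map_marking(f, m):
    """F(f): image of a multiset under a function on its elements."""
    image = Counter()
    for p, k in m.items():
        image[f[p]] += k
    return image

def is_morphism(n1, n2, f_T, f_P):
    """Net(f_P) o pre1 = pre2 o f_T, and the same for post."""
    return all(map_marking(f_P, n1[k][t]) == n2[k][f_T[t]]
               for k in ("pre", "post") for t in n1["pre"])

def firing_preserved(n1, n2, f_T, f_P, m, v):
    """If v fires under m in n1, its image fires and follower markings agree."""
    m1 = pt_fire(n1, m, v)
    if m1 is None:
        return True  # v is not enabled, so there is nothing to preserve
    m2 = pt_fire(n2, map_marking(f_P, m), map_marking(f_T, v))
    return m2 == map_marking(f_P, m1)

# Constructed sample nets: f_P merges the places p and q into x.
N1 = {"pre": {"a": Counter(p=1, q=1)}, "post": {"a": Counter(r=1)}}
N2 = {"pre": {"b": Counter(x=2)}, "post": {"b": Counter(y=1)}}
F_T = {"a": "b"}
F_P = {"p": "x", "q": "x", "r": "y"}

if __name__ == "__main__":
    m = Counter(p=2, q=1)
    print("follower marking:", dict(pt_fire(N1, m, Counter(a=1))))
    print("union-complements:",
          [sorted(c) for c in en_complements(frozenset("pqr"), frozenset("pq"))])
    print("firing preserved:",
          firing_preserved(N1, N2, F_T, F_P, m, Counter(a=1)))
```
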

6 The Data Type Formalism Parameter 

High-level abstract Petri nets, that are used as a frame for the uniform treatment
of high-level nets, are introduced in Section 7. High-level abstract Petri nets
can be considered as an extension of low-level abstract Petri nets where the
tokens are structured according to a given data type formalism. In order to
allow different data type formalisms for different kinds of high-level nets we use
the concept of specification frames. Motivated by [Mah89], specification frames
have been introduced in [EBO91, EG94] as a categorical framework that allows
to cover different kinds of algebraic specifications and other formalisms for the
description of data types. It is a special advantage that different kinds of logics
can be treated within this frame.

6.1 Specification Frames as the Data Type Formalism 

First we need some signature part for high-level abstract Petri nets in order to
obtain terms for the decoration of the net structure. The subsequent definitions
are closely related to the concepts of specification frames [EBO91, EG94, Wol95]
and institutions [GB84]. The main idea is to give the signature formalism in an
abstract way, that only relates signatures to models. The following definitions
lead to the data type parameter for high-level abstract Petri nets, presented in
Definition 11, step by step. As examples we consider algebraic specifications,
predicate logic, and the functional programming language ML.

Definition 5 (Signature Part for High-Level Abstract Petri Nets). The
signature part for high-level abstract Petri nets is given by a specification frame,
that is a category ASIG of (abstract) signatures $\Sigma$ and a contravariant functor
$Cat : \mathbf{ASIG}^{op} \to \mathbf{CATCAT}$, where CATCAT is the category of all categories.
This means, that for each $f_\Sigma \in MOR_{\mathbf{ASIG}}$ with $\Sigma_1 \xrightarrow{f_\Sigma} \Sigma_2$ there is
the forgetful functor $V_{f_\Sigma} : Cat(\Sigma_2) \to Cat(\Sigma_1)$ with $V_{f_\Sigma} := Cat(f_\Sigma)$.

Next we define the specification of the data type parameter. For this purpose
we introduce sentences for signatures in the sense of institutions [GB84]. We want
the possibility of restricting the data type without restricting the signature for
the arc inscriptions. Due to the aim of developing the data type parameter for
high-level Petri nets we have to define sentences for the data type as well
as for the firing conditions. The data type is equipped with axioms, that have
to be satisfied by the models. This is the usual treatment of specifications as in
equational algebraic specifications, conditional algebraic specifications, predicate
logic and others.

Definition 6 (Specifications for High-Level Abstract Petri Nets). Given
the signature part $Cat : \mathbf{ASIG}^{op} \to \mathbf{CATCAT}$, a functor $Sen : \mathbf{ASIG} \to \mathbf{Sets}$
and a family of sentence satisfaction relations $\models^{Sen}_{\Sigma} \subseteq |Cat(\Sigma)| \times Sen(\Sigma)$,
such that the following sentence satisfaction condition is satisfied for
$f_\Sigma : \Sigma_1 \to \Sigma_2$, $M_2 \in |Cat(\Sigma_2)|$ and $\varphi \in Sen(\Sigma_1)$

$$V_{f_\Sigma}(M_2) \models^{Sen}_{\Sigma_1} \varphi \iff M_2 \models^{Sen}_{\Sigma_2} Sen(f_\Sigma)(\varphi)$$

then we have specifications $SPEC = (\Sigma, AXIOMS)$ where $AXIOMS \subseteq Sen(\Sigma)$.
Specifications SPEC together with specification morphisms (that are
signature morphisms $f_\Sigma : \Sigma_1 \to \Sigma_2$, such that $Sen(f_\Sigma)(AXIOMS_1)$ is
derivable from $AXIOMS_2$) yield ASPEC, called the category of (abstract)
specifications.

Note, we usually omit the index for the family of sentence satisfaction relations
and write $\models^{Sen}$ instead of $\models^{Sen}_{\Sigma}$. Moreover, we have a model functor
for specifications $SPEC = (\Sigma, AXIOMS)$, that yields the category of models
satisfying the axioms. This category Mod(SPEC) is a subcategory of $Cat(\Sigma)$.
These constructions, including the following two facts, are well-known for
institutions [GB84]. The relationship between institutions and specification logics
and frames is discussed in [EBO91] and [EG94].

Lemma 1 (Model Functor for Specification [EBO91]). Given ASIG,
$Cat$, $Sen$, and $\models^{Sen}$ as in Definition 6 then there is the category ASPEC
of (abstract) specifications SPEC and a contravariant model functor
$Mod : \mathbf{ASPEC}^{op} \to \mathbf{CATCAT}$, where $Mod$ is a restriction of the functor $Cat$.

This means for each $f_\Sigma \in MOR_{\mathbf{ASPEC}}$ with $SPEC1 \xrightarrow{f_\Sigma} SPEC2$ there is
the forgetful functor $V_{f_\Sigma} : Mod(SPEC2) \to Mod(SPEC1)$ with
$V_{f_\Sigma} := Mod(f_\Sigma)$.

Lemma 2 (Cocompleteness of ASPEC [GB84]). The category ASPEC is
cocomplete if the category of signatures ASIG is cocomplete.

Definition 7 (Amalgamation [EG94]). A specification frame has amalgamations,
if for every pushout $SPEC_1 \xrightarrow{g_1} SPEC_3 \xleftarrow{g_2} SPEC_2$ of
$SPEC_2 \xleftarrow{f_2} SPEC_0 \xrightarrow{f_1} SPEC_1$ in ASPEC we have

1. For every $A_i \in |Mod(SPEC_i)|$ for $i = 0, 1, 2$ such that $V_{f_1}(A_1) = A_0 =
V_{f_2}(A_2)$ there is a unique $A_3 \in |Mod(SPEC_3)|$, called the amalgamation of
$A_1$ and $A_2$ via $A_0$, written $A_1 +_{A_0} A_2$, such that we have $V_{g_1}(A_3) = A_1$ and
$V_{g_2}(A_3) = A_2$.

2. Conversely, every $A_3 \in |Mod(SPEC_3)|$ has a unique decomposition $A_3 =$

^ffi(^3) 1^2 (^3)- 

3. Similar properties to Items 1 and 2 above are required if we replace the
objects $A_i$ by morphisms $h_i$ in $Mod(SPEC_i)$ for $i = 0, 1, 2, 3$ leading to a
unique amalgamated sum of morphisms $h_3 = h_1 +_{h_0} h_2$ with $V_{g_1}(h_3) = h_1$
and $V_{g_2}(h_3) = h_2$.

As the variables are essential for high-level nets we have to express them at 
this abstract level. The usual treatment of variables as indexed set assumes a 
certain knowledge about the sorts available in the signature. Such an approach 
restricts the possibility of instantiation. To express variables in the context of 
specification frames we treat them as additional constants. Thus we introduce a 
set of morphisms V in ASIG that expresses variables as an inclusion of signa- 
tures. 

Definition 8 (Signatures with Variables). Variables are given by a class
$\mathcal{V}$ of morphisms, that are preserved by pushouts (meaning: given a pushout
$\Sigma_1 \xrightarrow{g_1} \Sigma_3 \xleftarrow{g_2} \Sigma_2$ of $\Sigma_2 \xleftarrow{f_2} \Sigma_0 \xrightarrow{f_1} \Sigma_1$ in ASIG then we have
$f_1 \in \mathcal{V}$ implies $g_2 \in \mathcal{V}$).

A signature with variables $(\Sigma', \phi)$ is given by $\phi : \Sigma \to \Sigma'$ and $\phi \in \mathcal{V}$.

The expansion $Exp_{\Sigma'}(M)$ of a model $M \in |Cat(\Sigma)|$ denotes all models $M' \in
|Cat(\Sigma')|$ such that $V_\phi(M') = M$. Each of the models of this expansion denotes
an assignment.

Furthermore, we demand, that the class V is compatible with the given set-based 
specification frame, that means for each (j) G V we have = idu^ the natural 
identity. 

We also have to express firing conditions. Note, there is no reason that sen- 
tences for the description of the data type and for the firing conditions are of the 
same kind. These two kinds of sentences are not necessarily related, although 
they are similar in most kinds of high-level nets. We choose for the sake of gen- 
erality two kinds and thus have two kinds of satisfaction relations, the sentence 
satisfaction defined above and the condition satisfaction defined below. 

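Definition 9 (Conditions for the Firing of Transition). Conditions are
given by a functor $Cond : \mathbf{ASIG} \to \mathbf{Sets}$ and the following condition
satisfaction relation $\models^{Cond}_{\Sigma} \subseteq |Cat(\Sigma)| \times Cond(\Sigma)$, such that the satisfaction
condition is satisfied for $f_\Sigma : \Sigma_1 \to \Sigma_2$, $M_2 \in |Cat(\Sigma_2)|$ and $\varphi \in Cond(\Sigma_1)$

$$V_{f_\Sigma}(M_2) \models^{Cond}_{\Sigma_1} \varphi \iff M_2 \models^{Cond}_{\Sigma_2} Cond(f_\Sigma)(\varphi)$$

Conditions with free variables for a signature $\Sigma$ are given by conditions of the
signature with variables $(\Sigma', \phi)$ with $\phi : \Sigma \to \Sigma'$, that is by $Cond(\Sigma')$.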

Note, we usually omit the index for the family of condition satisfaction rela- 
tions and write instead of 

The following lemma is crucial for a uniform treatment of arc inscriptions
with variables. Hence, it is fundamental for the definition of abstract variable
assignments (see Definition 13) and the proof of Theorem El

Lemma 3 (Translation of Signature with Variables). The translation of
the signature with variables $(\Sigma_1', \phi_1)$ with $\phi_1 : \Sigma_1 \to \Sigma_1'$ along the morphism
$f_\Sigma : \Sigma_1 \to \Sigma_2$ is given by the pushout construction in ASIG and leads to
the translated signature with variables $(\Sigma_2', \phi_2)$.

Proof. The translation is given by the following pushout in ASIG, where $f_\Sigma$ is
the signature morphism and $\phi_1 \in \mathcal{V}$ denotes the variables. Because $\mathcal{V}$ is
preserved by pushouts, we have $\phi_2 \in \mathcal{V}$. Thus $(\Sigma_2', \phi_2)$ is a signature with
variables.

$$\begin{array}{ccc}
\Sigma_1 & \xrightarrow{f_\Sigma} & \Sigma_2 \\
{\scriptstyle \phi_1}\downarrow & & \downarrow{\scriptstyle \phi_2} \\
\Sigma_1' & \longrightarrow & \Sigma_2'
\end{array}$$



Lemma 4 (Translation of Expansions). Given a specification frame with
amalgamation as in Definition 7 then for each signature with variables $(\Sigma_1', \phi_1)$,
each signature morphism $f_\Sigma : \Sigma_1 \to \Sigma_2$, the translated signature with
variables $(\Sigma_2', \phi_2)$, and models $M_1 \in Cat(\Sigma_1)$, $M_2 \in Cat(\Sigma_2)$ each expansion
$Exp_{\Sigma_1'}(M_1) \in Cat(\Sigma_1')$ of $M_1$ can be translated to an expansion
$Exp_{\Sigma_2'}(M_2) \in Cat(\Sigma_2')$ of $M_2$.

Proof. Given a model $M_1 \in Cat(\Sigma_1)$, an expansion $Exp_{\Sigma_1'}(M_1) \in Cat(\Sigma_1')$,
and a model $M_2 \in Cat(\Sigma_2)$ with $V_{f_\Sigma}(M_2) = M_1$, then we obtain the translated
expansion $Exp_{\Sigma_2'}(M_2) \in Cat(\Sigma_2')$ by amalgamation
$Exp_{\Sigma_2'}(M_2) = Exp_{\Sigma_1'}(M_1) +_{M_1} M_2$.

Due to the condition satisfaction we furthermore have for each expansion
$Exp_{\Sigma_1'}(M_1) \in Cat(\Sigma_1')$:

$$Exp_{\Sigma_1'}(M_1) \models^{Cond} \varphi \iff Exp_{\Sigma_2'}(M_2) \models^{Cond} Cond(f_{\Sigma'})(\varphi).$$

This translation of expansions provides the possibility to define as many 
variables as wanted and to give arbitrary names. The translation due to the 
pushout construction and amalgamation inhibits the identification of variables. 
But it permits the definition of new variables and renaming of variables. Re- 
naming is possible, because pushouts are unique only up to isomorphism that 
is unique up to renaming. Identification of variables has to be avoided, because 
then morphisms cannot preserve firing behavior. 

Due to the fact, that Petri nets are based on sets of transitions and places we 
have to provide the compatibility of specification frames with sets. This means 
we have to relate the models of the data type with the underlying sets. 

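Definition 10 (Set-Based Specification Frames). A set-based specification
frame $(Cat, U)$ is given by a specification frame $Cat : \mathbf{ASIG}^{op} \to \mathbf{CATCAT}$
and a family of functors $U = (U_\Sigma)_{\Sigma \in |\mathbf{ASIG}|}$ with $U_\Sigma : Cat(\Sigma) \to \mathbf{Sets}$
and for each $f_\Sigma \in MOR_{\mathbf{ASIG}}$ with $f_\Sigma : \Sigma_1 \to \Sigma_2$ and
$U_{\Sigma_i} : Cat(\Sigma_i) \to \mathbf{Sets}$ for $i = 1, 2$ there is a natural transformation
$\pi_{f_\Sigma} : U_{\Sigma_1} \circ V_{f_\Sigma} \Rightarrow U_{\Sigma_2}$, so that:

1. $\pi$ is compatible with the identity of signatures, that is for each $\Sigma \in \mathbf{ASIG}$
we have $\pi_{id_\Sigma}$ = the natural identity.

2. $\pi$ is compatible with the composition of signature morphisms, that is for
$\Sigma_1 \xrightarrow{f_\Sigma} \Sigma_2$ and $\Sigma_2 \xrightarrow{g_\Sigma} \Sigma_3$ we have $\pi_{g_\Sigma \circ f_\Sigma} = \pi_{g_\Sigma} \circ \pi_{f_\Sigma}$, that is the
following diagram commutes:

$$\begin{array}{ccc}
U_{\Sigma_1} \circ V_{f_\Sigma} \circ V_{g_\Sigma} & \Longrightarrow & U_{\Sigma_3} \\
\Downarrow & \nearrow & \\
U_{\Sigma_2} \circ V_{g_\Sigma} & &
\end{array}$$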

Summarizing, a data specification technique, called data type parameter for 
high-level abstract Petri nets, consists of a set-based specification frame, sen- 
tences, variables, and conditions. 

Definition 11 (Data Type Formalism Parameter). The data type formalism
parameter for high-level abstract Petri nets $DT = (Cat, U, Sen, \mathcal{V}, Cond)$
consists of

1. a set-based specification frame $(Cat, U)$ with amalgamation (Definition 7),
where we have $Cat : \mathbf{ASIG}^{op} \to \mathbf{CATCAT}$ (see Definition 5) and
$U = (U_\Sigma)_{\Sigma \in |\mathbf{ASIG}|}$ (see Definition 10),

2. sentences $Sen : \mathbf{ASIG} \to \mathbf{Sets}$ (see Definition 6) that allow the description
of data type specifications, leading to the category ASPEC,

3. variables denoted by a class of morphisms $\mathcal{V}$ (see Definition 8), and

4. conditions for the firing of transitions $Cond : \mathbf{ASIG} \to \mathbf{Sets}$ (see
Definition 9).

Furthermore we demand that

5. ASIG is cocomplete, and

6. $Cat(\Sigma)$ has an initial object for all $\Sigma \in \mathbf{ASIG}$.

Note that (5) implies cocompleteness of ASPEC due to Lemma 2.

In the remaining part of this section we provide different examples of spec- 
ification techniques, which can be used as data type parameters for high-level 
abstract Petri nets. 

Example 4 (Algebraic Specifications). Algebraic specifications are a data type
parameter for high-level abstract Petri nets. This data type parameter gives rise
to algebraic high-level nets as in Example 0.

1. The set-based specification frame $Cat : \mathbf{ASIG}^{op} \to \mathbf{CATCAT}$ is given
by the category of algebraic signatures SIG in the sense of [EM85] and by
the model functor $Alg : \mathbf{SIG} \to \mathbf{CATCAT}$.

Algebraic signatures are set-based: $U_\Sigma : Alg(\Sigma) \to \mathbf{Sets}$ is given by
$U_\Sigma(A) = \biguplus_{s \in S} A_s$, the disjoint union of the carrier sets. For each signature
morphism $f = (f_S, f_{OP}) : \Sigma_1 \to \Sigma_2$ the natural transformation
$\pi : U_{\Sigma_1} \circ V_f \Rightarrow U_{\Sigma_2}$ is given for all $A_2 \in |Alg(\Sigma_2)|$ by inclusion of data
elements: $(V_f(A_2))_s \to \biguplus_{s \in S_2} A_{2,s}$. $\pi$ is well-defined due
to the definition of the forgetful functor, that is for each $s \in S_1$ we have
$(V_f(A_2))_s = A_{2,f_S(s)}$. Amalgamation is given in [EM85] (see Definition 8.10).

2. The sentence functor $Sen : \mathbf{SIG} \to \mathbf{Sets}$ yields for each signature the
set of all equations over some set $X$, that is $Sen(SPEC) = \{(X, L, R) \mid L, R \in
T_{OP}(X)\}$. The satisfaction relation is defined by the extended assignment
with respect to an assignment of variables onto the same data element, that 
is A (X,L,R) a^y^{L) = Satisfaction is preserved due 

to $V_f(A) \models (X, L, R) \iff A \models (X^*, f^*(L), f^*(R))$, see Fact 8.3
in [EM85]. This yields the category of algebraic specifications SPEC in the
sense of [EM85] with $SPEC = (\Sigma, AXIOMS)$. Mod is given by the model
functor Alg.

3. $\mathcal{V}$, the class of morphisms denoting variables is given by those inclusions,
that given $\phi : \Sigma \to \Sigma'$ with $\phi \in \mathcal{V}$ the signature $\Sigma'$ only has additional
constants. Given $\Sigma = (S, OP)$, $\Sigma' = (S, OP')$, and $\phi : \Sigma \to \Sigma'$ with
$\phi \in \mathcal{V}$ then $\phi = (id_S, \phi_{OP})$ is given by the identity on the sorts $id_S$ and an
inclusion on operations $\phi_{OP} : OP \to OP'$, such that all operations not
included in the image of $\phi_{OP}$ are constants.

Formally: $\forall N \in OP' : N \notin \phi_{OP}(OP) \implies N \in OP'_{\lambda,s}$.

$\mathcal{V}$ is preserved under pushouts:

Given $\Sigma_i = (S_i, OP_i)$ and $\Sigma_i' = (S_i', OP_i')$ for $i = 1, 2$ and the pushout aside in SIG
then $S_i' = S_i$ due to the component-wise construction of pushouts and due to
$\phi = (id_S, \phi_{OP})$.

[Diagram: pushout square in SIG with corners $\Sigma_1$, $\Sigma_2$, $\Sigma_1'$, $\Sigma_2'$ and morphism $\phi_2$]

Let $N \in OP_2'$ but $N \notin \phi_{2,OP}(OP_2)$ then there is $N' \in OP_1'$ so that
$f_{\Sigma,OP}(N') = N$ and $N' \notin \phi_{1,OP}(OP_1)$ due to the pushout construction
in Sets. Thus $N'$ is constant, that is $N' \in OP'_{1,\lambda,s}$, and as signature
morphisms preserve the arity of operations we conclude $N$ is constant
as well, that is $N \in OP'_{2,\lambda,f_S(s)}$.

4. The condition functor $Cond : \mathbf{SPEC} \to \mathbf{Sets}$ yields for each signature
the set of all ground terms, that is $Cond(SPEC) = \{(L, R) \mid L, R \in T_{OP}\}$.
Here, we only use ground terms, because the definition for variables as they
are used for the decoration of the net, is given already on the abstract level using
the class $\mathcal{V}$ (see Item 3). The idea is to distinguish between variables used
for the description of the specification and the variables used for the decoration
of the net. The latter ones are given due to signatures with variables in
Definition 8, thus need not to be expressed for the conditions explicitly. They
are used implicitly as the conditions are given for a signature with variables.
The satisfaction relation is defined by the evaluation onto the same data
element, that is $A \models (L, R) \iff eval_A(L) = eval_A(R)$, and satisfaction
is preserved due to $V_f(A) \models (L, R) \iff A \models (f^*(L), f^*(R))$, see
Fact 8.3 in [EM85].

5. SIG is cocomplete (see [GB84]).

6. For each signature $\Sigma$ there is the initial object, that is the term algebra $T_\Sigma$
in $Alg(\Sigma)$ ( p4^ Theorem 3.7).



Example 5 (Predicate Logic). The predicate logic data type part for high-level
abstract Petri nets is based on the formulation of first order predicate logic
in the frame of institutions and is adapted to the predicate logic used
in |(llj81[irien01| . This gives rise to predicate/transition nets as in Example |H1

1. The set-based specification frame is given by one-sorted first order signatures
$\Sigma = (\Omega, \Pi)$ where $\Omega$ = denotes the set of n-ary operations
and $\Pi$ = the set of n-ary predicates. Together with morphisms
preserving the arity, we have the category FOSIG. A model for
$\Sigma = (\Omega, \Pi)$ consists of a possibly empty domain $R$ and functions and
predicates $(R, \Omega_R, \Pi_R)$ with respect to the signature. Thus we have the
contravariant functor $Fosig : \mathbf{FOSIG}^{op} \to \mathbf{CATCAT}$ where $Fosig(\Sigma)$
denotes the category of models.

First order signatures are set-based: For each signature $\Sigma$ there is a functor
$U_\Sigma : Fosig(\Sigma) \to \mathbf{Sets}$ that is given by the domain, $U_\Sigma(R, \Omega_R, \Pi_R) = R$.
Thus $\pi$ is the identity.

Due to the fact that there is only one sort, amalgamation is given by identity.
Hence, it is a special case of amalgamation of algebraic specifications.

2. Sentences are given by closed formulas. Abstract specifications are given
by abstract signatures and closed formulas. Their models are models of the
signature that satisfy these formulas.

Given a set of variables $X$ we use the usual definition of terms:

— $x \in X$ is a term.

— $f^n \in \Omega^n$ and $v_1, \ldots, v_n$ are terms, then $f^n(v_1, \ldots, v_n)$ is a term.

— No other expression is a term.

and formulas:

— $v_1, v_2$ are terms, then $v_1 = v_2$ is a formula.

— $p^n \in \Pi^n$ and $v_1, \ldots, v_n$ are terms, then $p^n(v_1, \ldots, v_n)$ is a formula.

— $p$ is a formula then $\neg p$ is a formula.

— $p_1, p_2$ are formulas then $p_1 \lor p_2$ is a formula.

— $x \in X$ and $p$ is a formula then $\exists x : p$ is a formula.

— No other expression is a formula.

The functor $FoSen : \mathbf{FOSIG} \to \mathbf{Sets}$ yields for each abstract signature
$FoSen(\Omega, \Pi)$ the set of all closed formulas. First order signatures together
with a set of closed formulas $AXIOMS \subseteq FoSen(\Omega, \Pi)$ denote the
first order specifications $FOSPEC = (\Omega, \Pi, AXIOMS)$. The model functor
$FoMod : \mathbf{FOSPEC}^{op} \to \mathbf{CATCAT}$ yields for each specification
$FOSPEC = (\Omega, \Pi, AXIOMS)$ the category $Fomod(\Omega, \Pi, AXIOMS)$
with the nonempty models that satisfy the formulas in $AXIOMS$. The
satisfaction relation is the usual one for predicate logic.

3. $\mathcal{V}$, the class of morphisms denoting variables is given by those inclusions,
that given $\phi : \Sigma \to \Sigma'$ with $\phi \in \mathcal{V}$ the signature $\Sigma'$ only has additional
constants similar to Example 4, Item 3. Variables are given by:
$\Sigma \xrightarrow{\phi} \Sigma' \in \mathcal{V}$ if $\phi = (\phi_\Omega, id_\Pi)$ and $\phi_\Omega$ is inclusion so that
$\forall N \in \Omega' : N \notin \phi_\Omega(\Omega) \implies N \in \Omega'^{0}$. $\mathcal{V}$ is preserved under pushouts
due to the same argumentation as in Example 4, Item 3.

4. The firing conditions are defined in the same way as the sentences (see
Item 2). Note, we have closed formulas over some signature $(\Sigma', \phi)$ with
$\phi : \Sigma \to \Sigma' \in \mathcal{V}$. This means, the formulas in $FoCond(\Sigma')$ with
$FoCond : \mathbf{FOSIG} \to \mathbf{Sets}$ are closed with respect to the signature $\Sigma'$, but in view
of the arc inscriptions of the net we have free variables as they are given by
$\phi \in \mathcal{V}$ using additional constants. These are assigned by models of the
expansion. Due to this construction there is no confusion between variables
bound by some quantifier and variables that belong to the net.

5. FOSIG is cocomplete ([GB84]).

6. $Fosig(\Sigma)$ has an initial object, that is $T_\Sigma$ for all $\Sigma \in \mathbf{FOSIG}$ ([GB84]).

The empty carrier set problem is based on the subsequent facts: 

— Nonempty carrier sets may yield model categories without initial object. 

— Empty carrier sets may yield an unsound logic. 

This has some impact on high-level abstract Petri nets. In the first case we could 
not necessarily use the term algebra and would lose the cocompleteness of
the category of high-level abstract Petri nets. But this cocompleteness is the 
basis for the structuring techniques presented in the following subsection. The 
second case has to be prevented anyhow. 

We have avoided the problem by allowing empty carrier sets for the model of 
the first order signature (thus we can assume the initial object) and by demand- 
ing nonempty carrier sets for the models of the specification (thus we obtain a 
sound logic). 

Example 6 (ML). Including ML into this frame yields a variant of colored nets 
in the sense of j.len M- The presupposition is to express ML and its semantics 
within institutions. This task has been solved in principle, but the details are 
not yet finished. Hence, we claim that also ML is a suitable data type part for 
high-level abstract Petri nets. 

7 High-Level Abstract Petri Nets 

In this section we first introduce the basic notions of high-level abstract Petri
nets and discuss in Subsection 7.2 interesting instantiations.

7.1 Basic Notions of High-Level Abstract Petri Nets 

We now introduce high-level abstract Petri nets, based on a data type parameter 
as defined above and a net structure functor as given in Subsection 0, that are 
fixed in this section. We define pre- and post-functions, that map each transition 
to a linear sum consisting of pairs of terms and places, where terms are data 
elements of the term algebra and places are elements of P. These terms 
represent the arc inscriptions. These inscriptions and the firing conditions have 
to include variables, which are given as a family of variables for each transition. 

Definition 12 (High-Level Abstract Petri Nets). Given a data type parameter
$DT = (Cat, U, Sen, \mathcal{V}, Cond)$ for high-level nets (Definition 11) with
a category ASPEC of abstract specifications (Definition 6) and a net structure
functor $Net = G \circ F$ (Definition 1) then a high-level abstract Petri net is given by

$$N = (P, T, SPEC, Var, pre, post, cond)$$

with

— $P$ : the set of places,

— $T$ : the set of transitions,

— $SPEC \in |\mathbf{ASPEC}|$ : some specification with $SPEC = (\Sigma, AXIOMS)$,

— $Var = (Var(t))_{t \in T}$ = the signature with variables with
$\phi^t : \Sigma \to \Sigma^t \in \mathcal{V}$ for each transition $t \in T$,

— $pre, post : T \to Net(U_{\Sigma^t}(T_{\Sigma^t}) \times P)$
the pre- and postcondition functions of $T$, defining for each transition with
adjacent arcs the arc inscriptions and the weight, such that $pre(t), post(t) \in
Net(U_{\Sigma^t}(T_{\Sigma^t}) \times P)$,

— $cond : T \to \mathcal{P}_{fin}(Cond(\Sigma^t))$
the function that maps each transition to a finite set of conditions over the
signature with variables representing the firing conditions such that $cond(t) \in
\mathcal{P}_{fin}(Cond(\Sigma^t))$.



Definition 13 (Marking, $AAS^t$-Enabling, Firing). Given a high-level abstract
Petri net $N = (P, T, SPEC, Var, pre, post, cond)$ with the model functor
$Mod$ (see Definition^) then we have for each data type model $M \in Mod(SPEC)$:

— A marking of $N$ is given by $m \in F(U_\Sigma(M) \times P)$, where $F$ is the left adjoint
functor of the net structure functor $Net = G \circ F$ (see Definition 1).

— An abstract assignment for a transition $t \in T$ is given by $AAS^t \in Exp_{\Sigma^t}(M)$,
where $Exp_{\Sigma^t}(M)$ is the expansion of $M$ (see Definition 8) with respect to
the signature with variables $(\Sigma^t, \phi^t)$ for $t \in T$.

The abstract assignment $AAS^t$ defines an abstract assignment function
$aas^t : F(U_{\Sigma^t}(T_{\Sigma^t}) \times P) \to F(U_\Sigma(M) \times P)$ with $aas^t = F(U_{\Sigma^t}(eval^t) \times id_P)$,
where $eval^t$ is the unique morphism $T_{\Sigma^t} \to AAS^t$ due to initiality
of $T_{\Sigma^t}$. $aas^t$ is well-defined due to the fact that $U_\Sigma(M) = U_\Sigma \circ V_{\phi^t}(AAS^t) =
U_{\Sigma^t}(AAS^t)$ and $U_{\Sigma^t}(eval^t) : U_{\Sigma^t}(T_{\Sigma^t}) \to U_{\Sigma^t}(AAS^t)$.

— A transition vector is defined by $v \in F(\{t\})$.

— $AAS^t$ satisfies the firing condition $cond(t)$ if and only if $AAS^t \models^{Cond} \varphi$ for
all $\varphi \in cond(t)$.

— A transition vector $v \in F(\{t\})$ is $AAS^t$-enabled under $m \in F(U_\Sigma(M) \times P)$
if there exists $\hat{m} \in F(U_\Sigma(M) \times P)$ so that $m = \hat{m} + aas^t(\overline{pre}(v))$, where
$\overline{pre} : F(T) \to F(U_{\Sigma^t}(T_{\Sigma^t}) \times P)$ is the unique extension of $pre$.

Then $t$ is $AAS^t$-enabled, if $v$ is $AAS^t$-enabled.

— The firing of a transition vector $v$ under a marking $m$ and an abstract assignment
$AAS^t \in Exp_{\Sigma^t}(M)$ - provided that $v$ is $AAS^t$-enabled under $m$ -
is defined by the follower marking $m' \in F(U_\Sigma(M) \times P)$, given by:

$$m' = \hat{m} + aas^t(\overline{post}(v))$$

where $\overline{post}$ is the unique extension of $post$.
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The uniqueness of the follower marking still depends on the category Struct 
and the uniqueness of the +-complement. 

Morphisms for high-level abstract Petri nets are composed using functions 
between the sets of transitions, between the sets of places and between the 
specifications. The other components of the nets have to be preserved in order 
to obtain further results, especially concerning structuring. High-level abstract 
Petri nets together with the morphisms yield the category HLAPN. 



Definition 14 (High-Level Abstract Petri Net Morphisms). Given high-level abstract Petri nets $N_i = (P_i, T_i, SPEC_i, Var_i, pre_i, post_i, cond_i)$ for $i = 1, 2$ then a high-level abstract Petri net morphism $f : N_1 \to N_2$ is given by $f = (f_P, f_T, f_\Sigma)$ with 

— $f_P : P_1 \to P_2$ maps places to places in Sets, 

— $f_T : T_1 \to T_2$ maps transitions to transitions in Sets, 

— $f_\Sigma : SPEC_1 \to SPEC_2$ maps specifications to specifications in ASPEC, 

such that for all $t_1 \in T_1$ and $f_T(t_1) = t_2 \in T_2$ the subsequent conditions hold: 



1 . Preservation of variables : 

The translation of the signature with variables 
with (jyf : ^ along the 

morphism f-p : Si ^ S2 to the signature 

with variables {S*fi , (jff) is given by the pushout 
S^ and the corresponding pushout morphisms 
f^ and (j)2*^ in ASIG (see Lemma g).' 

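2. Compatibility of pre- and postcondition function: 
The following diagram 

[Diagrams: the pushout square (PO) over $f_\Sigma : \Sigma_1 \to \Sigma_2$ belonging to condition 1, and the square formed by $pre_1, post_1$ from $T_1$ to $Net(U_{\Sigma_1^{t_1}}(T_{\Sigma_1^{t_1}}) \times P_1)$, $f_T$, $Net(f_{ins})$, and $pre_2, post_2$ from $T_2$ to $Net(U_{\Sigma_2^{t_2}}(T_{\Sigma_2^{t_2}}) \times P_2)$.] 

commutes componentwise, for 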

fins — ^ P^tl(eUCt/)) X fp . t/^ti (P^ti ) X Pi ^ ^ S2 

with the natural transformation 

TTf^ : U^ti o Vf^(T^t2) ^ P^t2 (Tjjta) see Definition TTI\ 

where eval : T^t^ ^ Vf^ ^^6 unique morphism defined by AAS*fi 

due to initiality of T„ti . 

3. Compatibility of firing conditions: 

The following diagram commutes 

[Diagram: square formed by $cond_1$ on $T_1$, $f_T$, $f_{cond}$ and $cond_2$ on $T_2$.] 

for fcond = 'Pfin{Cond{f^)) :Vfin{Cond{S{^)) ^ V fin{Cond{Sl^)) 



Definition 15 (Category HLAPN). High-level abstract Petri nets (Definition nm and high-level abstract Petri net morphisms (Definition 14) define a category HLAPN, called the category of high-level abstract Petri nets. 

Due to the component-wise definition of morphisms we obtain composition, 
identities, as well as associativity of composition, and hence a category of high- 
level abstract Petri nets. 

Next we show that morphisms preserve the operational behavior, if the mod- 
els of the specification are compatible. We allow new sorts and operations in the 
specification. Thus new data elements may occur in the model. But the reduct 
of the model in the target net has to be identical to the model of the source net. 
Clearly, more changes of the data elements would change the firing behavior. 

Theorem 2 (HLAPN-Morphisms Preserve Firing). Given an HLAPN-morphism $f : N_1 \to N_2$ (as in Definition 14) and compatible data type models (that is $M_1 \in Mod(SPEC_1)$ and $M_2 \in Mod(SPEC_2)$ with $V_{f_\Sigma}(M_2) = M_1$) and let $v \in F(\{t\})$ with $t \in T_1$ be $AAS_1$-enabled under $m$ (that is $\exists \bar{m} \in F(U_{\Sigma_1}(M_1) \times P_1) : m = \bar{m} + aas_1(\overline{pre}_1(v))$) then there is an abstract assignment $AAS_2$ so that for $f_m = \; \times f_P$: 

1. $F(f_T)(v)$ is $AAS_2$-enabled: 

$F(f_m)(m) = F(f_m)(\bar{m}) + aas_2(\overline{pre}_2(F(f_T)(v)))$ 

2. the follower marking after firing $F(f_T)(v)$ is preserved: 

$F(f_m)(m') = F(f_m)(\bar{m}) + aas_2(\overline{post}_2(F(f_T)(v)))$ 

The proof is given in Appendix B.1. 

Theorem 3. HLAPN is finitely cocomplete. 

The proof is given in Appendix B.2. 

It is likely that the category HLAPN of high-level abstract Petri nets also has arbitrary coproducts, which means it is even infinitely cocomplete. But we have not treated this proposition, because this result is not relevant for practical issues; it would only imply some kind of infinite composition. 

Corollary 1 (Decomposition of Pushouts). Given a pushout in HLAPN 
then the components yield the corresponding pushouts in ASPEC and Sets. 

This is a direct consequence of the constructions in the proof of Theorem 01 

7.2 Instances of High-Level Abstract Petri Nets 

We present some interesting instantiations of high-level abstract Petri nets in this subsection. We give the definitions as they result from the net structure functors given in Section 0 and the data type parts exemplified in Examples 01 0 and El These instantiations do not correspond exactly to the definitions found in the literature; they are closely related, and the remaining differences are discussed in the subsequent examples. 

Example 7 (Algebraic High-Level Nets). There are different variants of algebraic high-level nets in literature (see urn H3ESS]), here we have chosen the definition given in An algebraic high-level net is given by $AHL = (SPEC, P, T, pre, post, cond, A)$, where $SPEC = (S, OP, E)$ is an algebraic specification and $A$ is a SPEC-algebra in the sense of [mm . 

$pre, post : T \to (T_{OP}(X) \times P)^\oplus$ 

and $cond : T \to \mathcal{P}_{fin}(T_{OP}(X) \times T_{OP}(X))$ 

with the set of variables $X = X_{fix} \times S$ so that $(x, s), (x, s') \in Var(t) \Rightarrow s = s'$ and $Var(t)$ is the set of all variables occurring in $pre(t)$, $post(t)$ or $cond(t)$. 

The instantiation of high-level abstract Petri nets with algebraic specifications as the data type formalism parameter (see Example^ and the net structure functor of place/transition nets (see Example lllljl yields algebraic high-level nets without algebras (also called algebraic high-level net schemes in [EPR94a]), that is $A = (P, T, SPEC, Var, pre, post, cond)$ 

with $pre, post : T \to (T_{OP^t} \times P)^\oplus$. The differences to the above defined algebraic high-level nets are: 

— The instantiation lacks a SPEC-algebra $A$, which however, is available in the corresponding instantiation of abstract Petri nets with models. 

— The variables of the instantiation are defined depending on the transitions. This dependency is given in algebraic high-level nets implicitly, by the additional condition for the set of variables $X$. Nevertheless both formulations denote the same net, if the signature with variables is given for each $t \in T$ by $\Sigma^t = \Sigma +$ 

opns: $x : \to s$ for all $(x, s) \in X$ 

This means that each variable $x$ of sort $s$ is taken as an additional constant of sort $s$. 

Other variants of algebraic high-level nets can be obtained by slight changes of the data type parameter. Let the condition functor $Cond : ASIG \to Sets$ be the constant functor that yields for each signature the empty set $Cond(\Sigma) = \emptyset$, then the corresponding instantiation of high-level abstract Petri nets is closer to the definition of algebraic high-level nets as defined in EeM]. As another example, if we choose order sorted algebraic specifications, which are shown to be an institution in |(JKS4j , we obtain an instantiation that is closely related to the order sorted algebraic high-level nets in |L1l95j . 
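
The enabling and firing rule of Definition 13, instantiated for algebraic high-level nets as in Example 7, as an added example that is not part of the original text. It assumes the place/transition net structure (so $F$ is the free commutative monoid, modelled as a multiset) and a constructed algebra of natural numbers with `succ` and `add`; all Python names and the sample net are assumptions made for illustration.

```python
from collections import Counter

# SPEC-algebra A (assumed for this example): natural numbers with succ and add.
OPS = {"succ": lambda n: n + 1, "add": lambda a, b: a + b}

def evaluate(term, asg):
    """eval^t: a term is a variable name (str), a constant (int) or (op, arg, ...)."""
    if isinstance(term, str):
        return asg[term]
    if isinstance(term, int):
        return term
    op, *args = term
    return OPS[op](*(evaluate(a, asg) for a in args))

def aas(inscription, asg, k=1):
    """aas^t applied to k * inscription: multiset over (term, place) -> (value, place)."""
    out = Counter()
    for (term, place), n in inscription.items():
        out[(evaluate(term, asg), place)] += k * n
    return out

def satisfies(conds, asg):
    """AAS^t |= phi for every equation phi = (lhs, rhs) in cond(t)."""
    return all(evaluate(lhs, asg) == evaluate(rhs, asg) for lhs, rhs in conds)

def complement(m, part):
    """The +-complement m_bar with m = m_bar + part, or None if there is none."""
    if any(m[token] < n for token, n in part.items()):
        return None
    m_bar = Counter(m)
    m_bar.subtract(part)
    return +m_bar  # drop tokens whose count fell to zero

def fire(net, m, t, asg, k=1):
    """Follower marking m' = m_bar + aas(post(v)) for the transition vector
    v = k*t under marking m and assignment asg, or None if v is not enabled."""
    if not satisfies(net["cond"][t], asg):
        return None
    m_bar = complement(m, aas(net["pre"][t], asg, k))
    if m_bar is None:
        return None
    return m_bar + aas(net["post"][t], asg, k)

# Constructed sample net: t consumes x and y from place "in" and puts add(x, y)
# on place "out", provided that succ(x) = y holds.
NET = {
    "pre": {"t": Counter({("x", "in"): 1, ("y", "in"): 1})},
    "post": {"t": Counter({(("add", "x", "y"), "out"): 1})},
    "cond": {"t": [(("succ", "x"), "y")]},
}
M0 = Counter({(2, "in"): 1, (3, "in"): 1, (7, "in"): 1})

if __name__ == "__main__":
    print(fire(NET, M0, "t", {"x": 2, "y": 3}))        # enabled
    print(fire(NET, M0, "t", {"x": 3, "y": 7}))        # firing condition violated
    print(fire(NET, M0, "t", {"x": 7, "y": 8}))        # no +-complement: token 8 missing
    print(fire(NET, M0, "t", {"x": 2, "y": 3}, k=2))   # v = 2*t needs each token twice
```

The same transition is enabled under one assignment and disabled under the others, which is why enabling in Definition 13 is always stated relative to an assignment.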

Example 8 (Predicate/Transition Nets). Predicate/transition nets as defined in 
are given subsequently: 

Definition 

Let L be a first-order language and let Ls designate the 
sublanguage using only Us, the predicate denoting static 
relations. The class PRTl consists of marked annotated net, 

MN = (N, A, M^) where N is the underlying directed net, A is its 
annotation in L and is its representative marking. 

1. N is a directed net, N = (S, T, F). 

2. A is annotation of N, A = (An, As, At, Ap) where 

(a) An = 77. is a first-order structure for , called the 
support of MN (it is the kind of legend that annotates 
the whole net rather than a particular element); 

(b) As is a bijection between the set of places, S, and the 
set of variable predicates, Ilg; 

(c) At is a mapping of the set of transitions, T, into the 
set of formulae (called transition selectors) that only use 
operators and static predicates (i.e. are in Ls); 

(d) Ap is a mapping of the set of arcs, F, into the set of 
symbolic sums of tuples of terms of L, LC, such that for 
an arc (x, y) ∈ F leading into or out of a place (i.e. x = s 
or y = s) and n being the index of the predicate annotating 
s, Ap(x, y) is in LC^'^K 

3. is a consistent marking of places [...] 

The corresponding instantiation of high-level abstract Petri nets consists of the net structure parameter similar to place/transition nets (Example 03) and the data type parameter of predicate logic (Example Ej). This means that the instantiation of high-level abstract Petri nets in this case is given by $PRT = (P, T, \Sigma, var, pre, post, cond)$. The differences to the above definition are: 

1. Our instantiation is not supplied with a first-order structure, but this is the case for the corresponding instantiation of high-level abstract Petri nets with models. 

2. We have no annotation for the places. 

3. We allow a set of firing conditions, where in iTCTn there is only one formula, the transition selector. 



Example 9 (Colored Petri Nets (81)). Colored Petri nets are based on indexed sets !TPC87| , where the colors denote the index and the color sets the indexed sets. 

Definition 

A colored Petri net $R = (P, T, C, I^+, I^-)$ is defined by^3 : 

— $P$ the set of places 

— $T$ the set of transitions with $P \cap T = \emptyset$ and $P \cup T \neq \emptyset$ 

— $C$ the color function from $P \cup T \to W$ where $W$ is some finite set of finite and nonempty sets. An item of $C(s)$ is called a color of $s$ and $C(s)$ is called the color set of $s$. 

— $I^+$ ($I^-$, respectively) is the forward (backward) incidence matrix of $P \times T$, where the entry at $(p,t)$ is a function from $C(p) \times C(t)$ to $\mathbb{N}$. 

^3 We omit the initial marking. 

This class of high-level nets treats the data type on a purely semantical level. Thus there are different ways to present this class in the context of high-level abstract Petri nets. 

— One instantiation is achieved by the supplementation of the data type description. The class of colored Petri nets [Jen81] provides distinguishable tokens, but no explicit functions, terms, variables, or assignment. Thus, seen strictly, it is not possible to give arc inscriptions or firing conditions. The data type model is merely given implicitly, due to the forward and backward incidence matrices, describing linear functions for each arc between places and transitions. 

Making explicit the specification describing the model results in some other kind of high-level net, depending on the chosen formalism. One possibility is to use algebraic signatures. Then we use for each colored net above the following signature: 

cn-sig 

sorts: $p$ for all $p \in P$ 

opns: $I(p, t) : t \to p$ for all $(p, t) \in P \times T$ 

In this case colored Petri nets (81) can be considered as a special case of algebraic high-level nets. 

— Another instantiation, obtained by using the net structure functor of place/transition nets (Example II I II) and indexed, pointed sets as the data type parameter yields nets without (real) inscriptions, but with a sufficient set of colors namely $(C_p)_{p \in P}$ and $(C_t)_{t \in T}$. The drawback is that the firing behavior needs to be redefined in order to use the forward and backward incidence matrices. 

In both cases we do not supply an initial marking and the places are not sorted, that is each color is allowed on any place. 

Example 10 (Colored Petri Nets (92)). An instantiation of high-level abstract Petri nets similar to colored Petri nets (92), in the sense of [Jen92], requires a data type parameter considering ML as an institution. The corresponding instantiation of high-level abstract Petri nets would be a close variant of colored Petri nets. 

8 Structuring Results for Abstract Petri Nets 

We now show the structuring techniques and the compatibility results for (high-level) abstract Petri nets. First we introduce rule-based refinement in Subsection 8.1 with results concerning local confluence and parallelism in Subsection 8.2 and horizontal structuring techniques in Subsection 8.3. 

8.1 Rule-Based Refinement 

The concept of refinement is a well-known technique within software engineering in general and for stepwise development of Petri nets in particular. In fact, several different concepts for the refinement of nets have been proposed in literature, above all the refinement of one place, one transition or even a subnet by some other subnet. Based on the idea of formal grammars we propose rule-based refinement, which presents rules denoting the replacement of a subnet by another one, without changing the remaining part of the whole net. This has the advantage of a simple local presentation of the refinement even if the whole system is large and complex. We consider a rule (or production) $p$ with a left-hand side net $L$ that is replaced by a right-hand side net $R$. This rule can be applied to some net $N$, yielding the new net $M$. This application of a rule, called transformation, is denoted by $N \stackrel{p}{\Longrightarrow} M$. Rule-based refinement is based on a construction consisting of two pushouts, called double-pushout diagram. The proofs of the different compatibility results make use of this close relation between the categorical concepts of rule-based refinement and horizontal structuring. In fact, all of them are based on specific colimits. 

Since the general theory of rule-based refinement is presented in the frame of high-level replacement systems (see [EHKP91b, Pad99b]), the proofs in Appendix B make use of specific conditions for high-level replacement systems. The underlying theory of high-level replacements is given purely categorically, so we formulate the following notions and results in these terms. The application to abstract Petri nets is due to the satisfaction of the HLR- and Q-conditions under the following assumptions. 

Definition 16 (HLR-Assumption for Abstract Petri Nets). The assumptions for being a HLR-category are for abstract Petri nets the following: 

1. There is a class of $\mathcal{M}$-morphisms for high-level replacement systems in the category HLAPN given by the class of HLAPN-morphisms that are injective functions and a suitable class of $\mathcal{M}_{ASPEC}$-morphisms for the data type parameter. 

2. The high-level replacement system $(ASPEC, \mathcal{M}_{ASPEC})$ of abstract specifications satisfies the HLR-conditions (see Definition 26). 

3. There are pullbacks of $\mathcal{M}$-morphisms in HLAPN (see Definition^ 

4. There is some category QHLAPN and an inclusion functor $I : HLAPN \to QHLAPN$ that satisfies the Q-conditions (see Definition 27). 

In the case of abstract Petri nets, and similarly in the general case, the rule is split into a deleting part $L$, an adding part $R$ and an interface $K$ which is presented, such that the rule $p$ is given by $p = (L \stackrel{l}{\leftarrow} K \stackrel{r}{\rightarrow} R)$ where $l$ and $r$ are mappings of Petri nets, called Petri net morphisms. Deleted are those parts of the net $L$ that are not in the image of the morphism $l : K \to L$. In general terms, the 'difference' between $L$ and $K$ is deleted. Adding works symmetrically: all those parts of $R$ are added that are not in the image of the morphism $r : K \to R$. The transformation $G \stackrel{p}{\Longrightarrow} H$ is defined using two pushouts (1) and (2). Since the general notion of refinement cannot be expected to be compatible with all different kinds of analysis techniques and behavior, we have introduced the notion of Q-morphisms and Q-rules in [Pad99b], which can be adapted to different kinds of refinement for nets found in literature. In the following the concept of rule-based refinement is formalized using the notions of transformations and Q-transformations. 

Definition 17 (Rules and Transformations). 

1. A rule in HLAPN $p = (L \stackrel{l}{\leftarrow} K \stackrel{r}{\rightarrow} R)$ consists of the abstract Petri nets $L$, $K$ and $R$, called left-hand side, interface (or gluing net), and right-hand side, respectively, and two morphisms $K \stackrel{l}{\rightarrow} L$ and $K \stackrel{r}{\rightarrow} R$ with both morphisms $l, r \in \mathcal{M}$, the distinguished class of morphisms in HLAPN. Given a rule $p = (L \stackrel{l}{\leftarrow} K \stackrel{r}{\rightarrow} R)$ a direct transformation $G \stackrel{p}{\Longrightarrow} H$, from an abstract Petri net $G$ to an abstract Petri net $H$ is given by two pushout diagrams (1) and (2) in the category HLAPN. The morphisms $L \to G$ and $R \to H$ are called occurrences of $L$ in $G$ and $R$ in $H$, respectively. By an occurrence of rule $p = (L \stackrel{l}{\leftarrow} K \stackrel{r}{\rightarrow} R)$ in a net $G$ we mean an occurrence of the left-hand side $L$ in $G$. 

A transformation sequence $G \stackrel{*}{\Longrightarrow} H$, short transformation, between nets $G$ and $H$ means $G$ is isomorphic to $H$ or there is a sequence of $n \geq 1$ direct transformations: 

$G = G_0 \stackrel{p_1}{\Longrightarrow} G_1 \stackrel{p_2}{\Longrightarrow} \ldots \stackrel{p_n}{\Longrightarrow} G_n = H$ 

2. A Q-rule $(p, q)$ is given by a rule $p = (L \stackrel{l}{\leftarrow} K \stackrel{r}{\rightarrow} R)$ in HLAPN (see above) and a Q-morphism $q : L \to R$, so that $q \circ l = r$ in QHLAPN. Moreover there is a unique Q-morphism $q' : G \to H$, such that $q' \circ c_1 = c_2$. Moreover, we have the pushout $R \rightarrow H \stackrel{q'}{\leftarrow} G$ of $G \leftarrow L \stackrel{q}{\rightarrow} R$ in QHLAPN. The transformation $(G \stackrel{p}{\Longrightarrow} H, q' : G \to H)$, or short $G \stackrel{(p,q')}{\Longrightarrow} H$, is called Q-transformation in QHLAPN. 
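
A direct transformation as in Definition 17, worked through for the place/transition instance, as an added example that is not part of the original text. It assumes strict place/transition net morphisms, a rule whose morphisms $l$ and $r$ are inclusions of $K$, and an injective occurrence; all Python names and the sample nets are constructed for illustration.

```python
from collections import Counter

def net(places, pre, post):
    """A place/transition net: pre/post map each transition to a multiset of places."""
    return {"P": set(places),
            "pre": {t: Counter(v) for t, v in pre.items()},
            "post": {t: Counter(v) for t, v in post.items()}}

def rename(multiset, f):
    """Extension of a place mapping f to multisets of places."""
    out = Counter()
    for p, n in multiset.items():
        out[f[p]] += n
    return out

def is_morphism(A, B, fP, fT):
    """Strict morphism A -> B: pre and post of every transition are preserved."""
    return all(rename(A["pre"][t], fP) == B["pre"][fT[t]] and
               rename(A["post"][t], fP) == B["post"][fT[t]] for t in A["pre"])

def transform(G, L, K, R, mP, mT):
    """Direct transformation G => H via the rule (L <- K -> R) at the occurrence
    (mP, mT) of L in G. Returns H, or None if (mP, mT) is not an occurrence or
    pushout (1) does not exist because a deleted place would leave a dangling arc."""
    if not is_morphism(L, G, mP, mT):
        return None
    del_P = {mP[p] for p in L["P"] - K["P"]}
    del_T = {mT[t] for t in set(L["pre"]) - set(K["pre"])}
    keep_T = set(G["pre"]) - del_T
    for t in keep_T:  # gluing condition: surviving transitions avoid deleted places
        if del_P & (set(G["pre"][t]) | set(G["post"][t])):
            return None
    # Pushout (1): the context net C is G without the occurrence of L minus K.
    C = net(G["P"] - del_P,
            {t: G["pre"][t] for t in keep_T},
            {t: G["post"][t] for t in keep_T})
    # Pushout (2): glue R onto C along K; items of R minus K get fresh names.
    hP = {p: mP[p] for p in K["P"]}
    hP.update({p: ("new", p) for p in R["P"] - K["P"]})
    H = net(C["P"] | {hP[p] for p in R["P"] - K["P"]}, C["pre"], C["post"])
    for t in set(R["pre"]) - set(K["pre"]):
        H["pre"][("new", t)] = rename(R["pre"][t], hP)
        H["post"][("new", t)] = rename(R["post"][t], hP)
    return H

# Constructed sample: G is a -t-> b -u-> c.
G_NET = net("abc", {"t": ["a"], "u": ["b"]}, {"t": ["b"], "u": ["c"]})
ID_P, ID_T = {"a": "a", "b": "b"}, {"t": "t"}
# Refinement rule: replace t by the sequence t1; t2 through a new place mid.
L_REFINE = net("ab", {"t": ["a"]}, {"t": ["b"]})
K_REFINE = net("ab", {}, {})
R_REFINE = net(["a", "b", "mid"], {"t1": ["a"], "t2": ["mid"]},
               {"t1": ["mid"], "t2": ["b"]})
# Rule that would also delete place b, which u still needs in G.
K_DELETE = net("a", {}, {})
R_DELETE = net("a", {}, {})

if __name__ == "__main__":
    print(transform(G_NET, L_REFINE, K_REFINE, R_REFINE, ID_P, ID_T))
    print(transform(G_NET, L_REFINE, K_DELETE, R_DELETE, ID_P, ID_T))  # None
```

The second call returns None because removing place b would leave transition u without its input place, so no context net exists for that occurrence.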



8.2 Local Confluence and Parallelism for Rule-Based Refinement 

This subsection deals with the independence of transformations and Q-transformations. Independence intuitively means that the changes of subsequent or parallel transformations do not interfere with each other. Then three of our main theorems are given concerning local confluence and parallelism of transformations. 

General Assumption: 

The assumptions as in Definition 16 hold. 

This means that when speaking in the following of transformations and Q-transformations, we mean those in the categories HLAPN and QHLAPN. 

Definition 18 (Sequential Independence [EHKP91b]). Given two direct transformations $G \stackrel{p_1}{\Longrightarrow} H$ and $H \stackrel{p_2}{\Longrightarrow} X$ as in the subsequent diagram: 

Then $G \stackrel{p_1}{\Longrightarrow} H$ and $H \stackrel{p_2}{\Longrightarrow} X$ are called sequentially independent if and only if there are the morphisms $k_1 : R_1 \to C_2$ and $k_2 : L_2 \to C_1$, so that $n_1 = g_2 \circ k_1$ and $m_2 = h_1 \circ k_2$. 



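Definition 19 (Parallel Independence [EHKP91b]). Given two direct transformations $G \stackrel{p_1}{\Longrightarrow} H_1$ and $G \stackrel{p_2}{\Longrightarrow} H_2$ as in the subsequent diagram 

Then $G \stackrel{p_1}{\Longrightarrow} H_1$ and $G \stackrel{p_2}{\Longrightarrow} H_2$ are called parallel independent if and only if there are the morphisms $k_1 : L_1 \to C_2$ and $k_2 : L_2 \to C_1$ so that $m_1 = g_2 \circ k_2$ and $m_2 = g_1 \circ k_1$. 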



The following results, called local Church-Rosser Theorem I and II, show that independent direct transformations and Q-transformations commute, where independence of Q-transformations means independence of the underlying transformations. 

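Theorem 4 (Local Church-Rosser I [EHKP91b, Pad99b]). 

1. Given parallel independent direct transformations $G \stackrel{p_1}{\Longrightarrow} H_1$ and $G \stackrel{p_2}{\Longrightarrow} H_2$ there is a net $X$ and direct transformations $H_1 \stackrel{p_2}{\Longrightarrow} X$ and $H_2 \stackrel{p_1}{\Longrightarrow} X$, so that the transformations $G \stackrel{p_1}{\Longrightarrow} H_1 \stackrel{p_2}{\Longrightarrow} X$ and $G \stackrel{p_2}{\Longrightarrow} H_2 \stackrel{p_1}{\Longrightarrow} X$ are sequentially independent. 

2. Given two parallel independent Q-transformations $(G \stackrel{p_1}{\Longrightarrow} H_1, q_1 : G \to H_1)$ and $(G \stackrel{p_2}{\Longrightarrow} H_2, q_2 : G \to H_2)$ then there are two Q-transformations $G \stackrel{(p_1,q_1)}{\Longrightarrow} H_1 \stackrel{(p_2,r_2)}{\Longrightarrow} X$ and $G \stackrel{(p_2,q_2)}{\Longrightarrow} H_2 \stackrel{(p_1,r_1)}{\Longrightarrow} X$ so that $r_2 \circ q_1 = r_1 \circ q_2$. 

For the proof see Appendix lti.;il 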

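Theorem 5 (Local Church-Rosser II [EHKP91b, Pad99b]). 

1. Given sequentially independent transformations $G \stackrel{p_1}{\Longrightarrow} H_1 \stackrel{p_2}{\Longrightarrow} X$ there also exists a sequentially independent transformation $G \stackrel{p_2}{\Longrightarrow} H_2 \stackrel{p_1}{\Longrightarrow} X$. Moreover, the transformations $G \stackrel{p_1}{\Longrightarrow} H_1$ and $G \stackrel{p_2}{\Longrightarrow} H_2$ are parallel independent. 

2. Given two sequentially independent Q-transformations $(G \stackrel{p_1}{\Longrightarrow} H_1, q_1 : G \to H_1)$ and $(H_1 \stackrel{p_2}{\Longrightarrow} X, r_2 : H_1 \to X)$ then there is a Q-transformation $G \stackrel{(p_2,q_2)}{\Longrightarrow} H_2 \stackrel{(p_1,r_1)}{\Longrightarrow} X$ so that $r_2 \circ q_1 = r_1 \circ q_2$. Moreover, the transformations $(G \stackrel{p_1}{\Longrightarrow} H_1, q_1 : G \to H_1)$ and $(G \stackrel{p_2}{\Longrightarrow} H_2, q_2 : G \to H_2)$ are parallel independent. 

For the proof see Appendix IH.,21 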

Definition 20 (Parallel Rules [EHKP91b, Pad99b]). 

1. Given rules $p_1 = (L_1 \leftarrow K_1 \rightarrow R_1)$ and $p_2 = (L_2 \leftarrow K_2 \rightarrow R_2)$ the rule $p_1 + p_2 = (L_1 + L_2 \leftarrow K_1 + K_2 \rightarrow R_1 + R_2)$ defined by binary coproducts in HLAPN is called parallel rule of $p_1$ and $p_2$. Transformations $G \stackrel{p_1 + p_2}{\Longrightarrow} X$ defined by parallel rules are called parallel transformations. 

2. Given two Q-rules $(p_i, q_i)$ for $i = 1, 2$ then there is a parallel Q-rule $(p_1 + p_2, q_1 + q_2)$ with $p_1 + p_2 = (L_1 + L_2 \leftarrow K_1 + K_2 \rightarrow R_1 + R_2)$, where $+$ denotes the corresponding coproduct constructions, provided that the corresponding coproduct exists in QHLAPN. In this case we have $p_1 + p_2 \in Q$, because $Q$ is closed under coproducts (Definition 27). 



Theorem 6 (Parallelism [EHKP91b]). Let $p_1$ and $p_2$ be rules and $p_1 + p_2$ the corresponding parallel rule as defined in Definition 20, then we have: 

1. Synthesis: 
For a sequentially independent transformation $s_1 : G \stackrel{p_1}{\Longrightarrow} H_1 \stackrel{p_2}{\Longrightarrow} X$ as in Definition 18 there is a parallel transformation $t : G \stackrel{p_1 + p_2}{\Longrightarrow} X$. 

2. Analysis: 
Given a parallel transformation $t : G \stackrel{p_1 + p_2}{\Longrightarrow} X$ as in Definition 20 there are two sequentially independent transformations $s_1 : G \stackrel{p_1}{\Longrightarrow} H_1 \stackrel{p_2}{\Longrightarrow} X$ and $s_2 : G \stackrel{p_2}{\Longrightarrow} H_2 \stackrel{p_1}{\Longrightarrow} X$. 

3. Bijective correspondence: 
There is a bijective correspondence between sequentially independent and parallel transformations. 

That means, given the sequentially independent transformation $s_1$ the "synthesis" construction leads to the parallel transformation $t$ and the "analysis" construction leads back to the same sequentially independent transformation $s_1$ (up to isomorphism), and vice versa as shown in the diagram to the right. 

Given a parallel Q-transformation $G \stackrel{(p_1 + p_2, q)}{\Longrightarrow} X$ and its sequentializations $G \stackrel{(p_1,q_1)}{\Longrightarrow} H_1 \stackrel{(p_2,r_2)}{\Longrightarrow} X$ and $G \stackrel{(p_2,q_2)}{\Longrightarrow} H_2 \stackrel{(p_1,r_1)}{\Longrightarrow} X$ then we have additionally: 

$r_1 \circ q_2 = q = r_2 \circ q_1$ 

For the proof see Appendix E3 



8.3 Horizontal Structuring and Its Compatibility 
with Rule-Based Refinement 

We now introduce two basic constructions for high-level structures. The first one, allowing the construction of larger structures from smaller ones with a shared subpart, is called union. The second one is called fusion, a construction which allows distinguished items to be identified. This is a generalization of the notions introduced by for coloured Petri nets. We adopt this notion and reformulate it in the frame of high-level replacement systems, thus we can apply it to other application areas. These constructions yield a horizontal structuring for high-level structures, while transformations in high-level replacement systems are regarded as rule-based refinement. Compatibility results under suitable assumptions between horizontal and vertical structuring are shown as the main results of this section. 

General Assumption: 

The assumptions as in Definition 16 hold. 

This means that when speaking in the following of transformations and Q-transformations, we mean those in the categories HLAPN and QHLAPN. 

Definition 21 (Fusion). The fusion of two morphisms $f_1, f_2 : F \to G$ in HLAPN between nets $F$ and $G$ is the coequalizer $(g : G \to G', G')$ of $f_1$ and $f_2$. The fusion is denoted by $G$ $G'$ via $(F, f_1, f_2, g)$, short $G$ $G'$. 

The intuitive idea is that two occurrences of a subnet $f_1(F)$ and $f_2(F)$ in $G$ are fused together within the given net $G$ leading to a new net $G'$. Several occurrences of subnets can be fused by iterated fusion, that is by iteration of coequalizers: Given fusion $G$ $G'$ via $(F, f_1, f_2, g)$ and $G$ $G''$ via $(F', f_1', f_2', g')$ the iterated fusion $G$ $G'''$ via $(F + F', (f_1, f_1'), (f_2, f_2'), g'')$ can be constructed directly as the pushout $G' \rightarrow G''' \leftarrow G''$ of $G' \leftarrow G \rightarrow G''$, where $(f_1, f_1')$ and $(f_2, f_2')$ are induced by coproduct constructions. 

Examining the relation between transformations and fusion, it becomes clear 
that a transformation and a fusion applied to one net cannot be compatible 
if some part of the subnets to be fused is deleted by the transformation. The 
following parallel independence condition excludes this possibility. 

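Definition 22 (Independence of Fusion and Transformation). A fusion $G$ $G'$ via $(F, f_1, f_2, g)$ is parallel independent from a transformation $G \stackrel{p}{\Longrightarrow} H$ with $p = (L \leftarrow K \rightarrow R)$ and given by pushouts (1) and (2), if there are morphisms $k_1, k_2 : F \to C$ so that the triangle (3) commutes component-wise: 

[Diagram: the pushouts (1) and (2) of the transformation over $L \leftarrow K \rightarrow R$ together with the triangle (3).] 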




Theorem 7 (Fusion). 

1. Given a fusion $G$ $G'$, which is independent from a transformation $G \stackrel{p}{\Longrightarrow} H$ there is a net $H'$, obtained by fusion $H$ $H'$ and also by transformation $G' \stackrel{p}{\Longrightarrow} H'$. That means, we have 

$G \stackrel{p}{\Longrightarrow} H$ $H'$ $=$ $G$ $G' \stackrel{p}{\Longrightarrow} H'$ 

in the sense that both sides are defined by the same diagram. 

2. Given a fusion $G$ $G'$ independent of the Q-transformation $G \stackrel{(p,q)}{\Longrightarrow} H$, we have in addition $G \stackrel{(p,q)}{\Longrightarrow} H$ $H'$ and $G$ $G' \stackrel{(p,q')}{\Longrightarrow} H'$ where $(p,q')$ is the induced Q-transformation. 



This means that transformations and fusions are compatible, provided we 
have independence. 

Definition 23 (Union). The union of a pair of nets $(G_1, G_2)$ in HLAPN via some interface $I$ with the morphisms $i_1 : I \to G_1$ and $i_2 : I \to G_2$ is given by the pushout (1) and denoted by $(G_1, G_2)$ $G$ via $(I, i_1, i_2)$, short $(G_1, G_2)$ $G$. 




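Definition 24 (Independence of Union and Transformation). A union $(G_1, G_2)$ $G$ is called parallel independent from transformations $G_i \stackrel{p_i}{\Longrightarrow} H_i$ for $i \in \{1, 2\}$ given by the pushouts (1) and (2) if there are morphisms $I \to C_i$ so that the triangle (3) commutes for $i \in \{1, 2\}$. 

[Diagram: the pushouts (1) and (2) for the rule $p_i$ together with the triangle (3) at the interface $I$.] 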



Theorem 8 (Union). 

1. Given a union $(G_1, G_2)$ $G$ independent from the transformations $G_i \stackrel{p_i}{\Longrightarrow} H_i$ for $i = 1, 2$, then there is a net $H$ obtained by the union $(H_1, H_2)$ $H$ and by the transformation $G \stackrel{p_1 + p_2}{\Longrightarrow} H$, such that we have 

$(G_1, G_2)$ $G \stackrel{p_1 + p_2}{\Longrightarrow} H$ $=$ $(G_1, G_2) \stackrel{(p_1, p_2)}{\Longrightarrow} (H_1, H_2)$ $H$ 

where $(G_1, G_2) \stackrel{(p_1, p_2)}{\Longrightarrow} (H_1, H_2)$ denotes the tupling of the separate transformations of $G_1 \stackrel{p_1}{\Longrightarrow} H_1$ and $G_2 \stackrel{p_2}{\Longrightarrow} H_2$. 

2. Given a union $(G_1, G_2)$ $G$, independent from the Q-transformations $G_1 \Longrightarrow H_1$ and $G_2 \Longrightarrow H_2$ then we have 

$(G_1, G_2)$ $G \Longrightarrow H$ $=$ $(G_1, G_2) \Longrightarrow (H_1, H_2)$ $H$ 

such that 

$I \to G_1 \to H_1 \to H = I \to G_1 \to G \to H$ 

and $I \to G_2 \to H_2 \to H = I \to G_1 \to G \to H$. 

9 Conclusion 

We have suggested a uniform frame for the classification and systematization of Petri nets. Abstract Petri nets constitute the formal basis of such a uniform frame. They provide an abstract description of Petri nets together with a substantial body of theoretical results, concerning operational behavior, horizontal and vertical structuring. In this paper we have given a uniform approach to different types of Petri nets, including low-level nets, like elementary and place/transition nets, as well as high-level nets, like algebraic high-level or predicate/transition nets. The main idea of this approach is to introduce parameterized net classes, which are based on a net structure parameter for low-level nets and in addition a data type formalism parameter for high-level nets. By instantiation of these parameters we obtain many well-known net classes studied in the literature but also several new interesting net classes in a uniform way. In particular we have achieved the following results: 

— Abstract Petri nets are a uniform approach to capture different kinds of low- 
and high-level net classes, well-known ones like place/transition nets, ele- 
mentary nets, S-graphs, algebraic high-level nets, predicate/transition nets, 
colored nets and several new ones. We have covered the basic notions of Petri 
nets, like net structure, operational behavior, and marking in a uniform way 
for low-level abstract Petri nets and for high-level abstract Petri nets as well. 

— We make rule-based refinement available for all instantiated net classes. Hence, we have obtained this new, general refinement for place/transition nets, variants of elementary nets, S-graphs, algebraic high-level nets, predicate/transition nets and colored nets. 

— Horizontal structuring techniques, union and fusion have been introduced at 
an abstract level in order to make these techniques available to all instanti- 
ations. 

— We have proven the compatibility of our notion of refinement with the hor- 
izontal structuring techniques union and fusion. This compatibility makes 
use of different notions of independence. 

Moreover we have sketched the application of these results in two examples of different instantiations. 

A Review of High-Level Replacement Systems 

Here we briefly review the concepts of high-level replacement (HLR) systems in the sense of [EHKP91b], a categorical generalization of graph grammars, and of Q-conditions according to [Pad96, Pad99a]. High-level replacement systems are formulated for an arbitrary category CAT with a distinguished class $\mathcal{M}$ of morphisms. 



A.1 High-Level Replacement System and HLR-Conditions 

Definition 25 (High-Level Replacement System). Given a category CAT together with a distinguished class of morphisms $\mathcal{M}$ then $(CAT, \mathcal{M})$ is called a HLR-category if $(CAT, \mathcal{M})$ satisfies the HLR-Conditions. 

Variants of the following HLR-conditions have been stated in order to prove local Church-Rosser and Parallelism Theorems in the framework of high-level replacement systems. In fact the conditions below imply those in and they are referred to as HLR1*-conditions [Pad93]. 



Definition 26 (HLR-Conditions). Given a category CAT (of high-level structures) and a distinguished class $\mathcal{M}$ of morphisms in CAT the following conditions 1-8 are called HLR-conditions: 

1. Existence of $\mathcal{M}$-pushouts 
For objects $A, B, C$ and morphisms $A \to B$ and $A \to C$, where at least one is in $\mathcal{M}$ there exists a pushout $C \rightarrow D \leftarrow B$. 

[Diagram (1): square over $A \to B$ and $A \to C$.] 

2. Existence of $\mathcal{M}$-pullbacks 
For objects $B, C, D$ and morphisms $B \to D$, $C \to D$ as in diagram (1) above, where both morphisms are in $\mathcal{M}$ there exists a pullback $C \leftarrow A \rightarrow B$. 

3. Inheritance of $\mathcal{M}$ 

— under pushouts: 
For each pushout diagram (1) as above the morphism $A \to B \in \mathcal{M}$ implies $C \to D \in \mathcal{M}$. 

— under pullbacks: 
For each pullback diagram (1) as above the morphisms $B \to D \in \mathcal{M}$ and $C \to D \in \mathcal{M}$ imply $A \to B \in \mathcal{M}$ and $A \to C \in \mathcal{M}$. 

4. Existence of binary coproducts and compatibility with $\mathcal{M}$ 

— For each pair of objects $A, B$ there is a coproduct $A + B$ with the universal morphisms $A \to A + B$ and $B \to A + B$. 

— For each pair of morphisms $A \to A'$ and $B \to B'$ in $\mathcal{M}$ the coproduct morphism $A + B \to A' + B'$ is also in $\mathcal{M}$. 

5. Monomorphism condition: $\mathcal{M}$ is a class of monomorphisms in CAT. 

6. Existence of initial object: CAT has an initial object. 

7. $\mathcal{M}$-pushouts are pullbacks: Pushouts of $\mathcal{M}$-morphisms are pullbacks. 

8. $\mathcal{M}$-pushout-pullback-decomposition 
For each diagram to the right, we have: 
If (1+2) is a pushout, (2) is a pullback and $A \to C$, $B \to D$, $E \to F$, $B \to E$ and $D \to F$ are $\mathcal{M}$-morphisms, then also (1) is a pushout. 

A.2 Q-Conditions 

The main idea in the following definition is to enlarge the given HLR-category in order to include morphisms that are adequate for refinement. The Q-conditions [Pad99b] state additional requirements that an HLR-category has to satisfy for the extension to refinement morphisms. 

Definition 27 (Q-Conditions [Pad99b]). Let QCAT be a category, so that CAT is a subcategory $CAT \subseteq QCAT$ and $Q$ a class of morphisms in QCAT. 

1. The morphisms in $Q$ are called Q-morphisms, or refinement morphisms. 

2. Then we have the following Q-conditions: 

Closedness: $Q$ has to be closed under composition. 

Preservation of Pushouts: The inclusion functor $I : CAT \to QCAT$ preserves pushouts, that is, given $C \stackrel{f'}{\rightarrow} D \stackrel{g'}{\leftarrow} B$ a pushout of $B \stackrel{f}{\leftarrow} A \stackrel{g}{\rightarrow} C$ in CAT, then $I(C) \rightarrow I(D) \leftarrow I(B)$ is a pushout of $I(B) \leftarrow I(A) \rightarrow I(C)$ in QCAT. 

Inheritance of Q-morphisms under Pushouts: The class $Q$ in QCAT is closed under the construction of pushouts in QCAT, that is, given $C \stackrel{f'}{\rightarrow} D \stackrel{g'}{\leftarrow} B$ a pushout of $B \stackrel{f}{\leftarrow} A \stackrel{g}{\rightarrow} C$ in QCAT, then $f \in Q \Rightarrow f' \in Q$. 

Inheritance of Q-morphisms under Coproducts: The class $Q$ in QCAT is closed under the construction of coproducts in QCAT, that is, for $A \stackrel{f}{\rightarrow} B$ and $A' \stackrel{f'}{\rightarrow} B'$ we have $f, f' \in Q \Rightarrow f + f' \in Q$ provided the coproduct $A + A' \stackrel{f + f'}{\rightarrow} B + B'$ of $f$ and $f'$ exists in QCAT. 

[Diagram for HLR-condition 8 of Definition 26: the squares (1) and (2) side by side over $A \to B \to E$ and $C \to D \to F$.] 

3. A Q-rule $(r, q)$ is given by a rule $r = L \leftarrow K \rightarrow R$ in CAT and a Q-morphism $q : L \to R$, so that $K \to L \to R = K \to R$ in QCAT. 



B Proofs of the Main Results 

We now give the proofs of Theorem [D to Theorem El that have been presented 
in SectionElto Section 0in Part II. 

B.l Proofs of Theorem n and Theorem El 

Proof of Theorem^is a special case of Theorem El that is proven below. 

Proof of Theorem 

First, we have to define the abstract assignment using amalgamation (see Defi- 
nition[7|): AAS2 = AAS\+Mi ^2 which is well-defined due to Vf^{M2) = Ml = 
V^(AASi). 

Because of the compatibility of firing conditions we have for each ip2 G cond2 
{fT{t)) there is (pi G cond\{t) with Cond{fs){pi) = T2 and due to the satisfac- 
tion condition we can conclude: AASi \= ip i AAS2 H T2 
Next, note that for each ti G T\ and /r(ti) = t2 G T2 the following diagram 
commutes: 



C/ ti {evalti) 

^ ^ (AA5 i) 









(lb) 

U ±2 (evah) 






U^t2 {AAS2) 



id 



(eval) 


(la) 


id 


( 2 a) 




U^tiOVf^ievah) 


’ 


id 




AAAS2) 



( 2 b) 



id 



UsdMi) 



Ust o Vf^{M2) 



'^fz; 



Us2{M2) 



(la) commutes due to initiality of T^t^ in Cat{S*f^) 

(lb) commutes due to natural transformation Cat{Sl^) 

(2a) and (2b) commute due to the amalgamation AAS2 = AAS'i-|-Mi ^2 

We have aasi = (eval\) xidp,), aas2 = F{U ^t2 (eval2) xidpA. The carte- 

sian product and functors preserve commutativity of diagram (la -|- lb -|- 2a 



224 



Julia Padberg and Hartmut Ehrig 



+ 2b), so we conclude that (3) commutes in Struct. 



[Diagram (3)]

with $f_{ins}$ as defined in Definition I14I2I

This leads to the desired propositions. 

1. F{fT){vt) is aas 2 -enabled: 

F{fm){m) 

= F{fm)(m + aasi{prF[{vt))) 

= F{fm){m) + F{fm){aasi{prei{vt))) 

= F{fm)im) + aas2{F{fins)iWeiivt))) 

= F{fm){m) + aas2{WF2{F{fT){vt))) 

2. the follower marking after firing F{fT){vt) is 

F{fm){m') _ 

= F{fm){m + aasi{posti{vt)y) 

= F{fm){m) + F{fm){aasi{posti{vt))) 

= F{fm){m) + aas2{ F{fin s){posti{vt))) 
= F{fm){m) + aas2{post2{F{fT){vt))) 



m is ^ 2 lS'i-enabled 
due to homomorphisms 
in Struct 
as (3) commutes 
due to HLAPN-morphisms 
(Definition II 411 
preserved: 

m' is follower marking 

due to homomorphisms 

in Struct 

as (3) commutes 

due to HLAPN-morphisms 

(Definition IHIl 



B.2 Proof of Theorem ^ 

(Proof of Theorem^ 

The proof is based on the fact that arbitrary finite colimits can be constructed 
if the category has initial objects and pushouts (by dualization of Theorem 12.4 
in lAHMfiOh . 

Initial Object: 

The initial object A 0 is given by: 

-^0 = (-P 0 iT 0 i'S' 0 ,pre 0 ,post 0 ,cond 0 ) with 
— P(i = T(/) = CONDg) = 0 the initial object in Sets 
— SPECtj) is the initial object in ASPEC 
Given a high-level abstract Petri net N = {P, T, SPEC, Var,pre,post, cond) 
the unique HLAPN-morphism / = (/|>, /®, ffj) : Ni/, ^ N is given by 

— fp — fx is the empty function 

— f^ is given by initiality of SPECi/). 

The conditions n to 0 for HLAPN-morphisms (see Definition 1 1 411 hold, due 
to emptyness of T^. 



Parameterized Net Classes: A Uniform Approach to Petri Net Classes 



225 



Pushout: 

Given $N_i = (P_i, T_i, SPEC_i, Var_i, pre_i, post_i, cond_i)$ for $0 \le i \le 2$ and
$N_1 \leftarrow N_0 \rightarrow N_2$ with $f = (f_P, f_T, f_\Sigma)$ and g =

Then the pushout $N_3 = (P_3, T_3, SPEC_3, Var_3, pre_3, post_3, cond_3)$ with
$N_1 \rightarrow N_3 \leftarrow N_2$ and $g' = (g'_P, g'_T, g'_\Sigma)$ and $f' = (f'_P, f'_T, f'_\Sigma)$ is
constructed by:

— $P_1 \rightarrow P_3 \leftarrow P_2$ is pushout of $P_1 \leftarrow P_0 \rightarrow P_2$ in Sets.

— $T_1 \rightarrow T_3 \leftarrow T_2$ is pushout of $T_1 \leftarrow T_0 \rightarrow T_2$ in Sets.

— $SPEC_1 \rightarrow SPEC_3 \leftarrow SPEC_2$ is pushout of
$SPEC_1 \leftarrow SPEC_0 \rightarrow SPEC_2$ in ASPEC.

— Signatures with variables are given for each transition, so we have to
construct them with respect to the pushout $T_3$ of transitions. Because
pushouts in Sets are jointly surjective we have:

1. $t_3 \in T_3$ is obtained from $T_2$ and is not in the interface $T_0$

2. $t_3 \in T_3$ is obtained from $T_1$ and is not in the interface $T_0$

3. $t_3 \in T_3$ is obtained from the interface $T_0$

03t3 

For each G T3 we construct E3 ^ Eq using pushouts in ASIG: 

For $g'_T(t_1) = t_3 \in T_3$ and $t_1 \notin f_T(T_0)$ we have the pushout PO 1.

For $f'_T(t_2) = t_3 \in T_3$ and $t_2 \notin g_T(T_0)$ we have the pushout PO 2.

For $g'_T \circ f_T(t_0) = f'_T \circ g_T(t_0) = t_3 \in T_3$ we have the pushout PO 3.















[Diagrams: the pushouts PO 1, PO 2 and PO 3 in ASIG.]



is well-defined due to the pushout properties of Tq. 



— Pushout properties of T3 yield 

pres, posts ■ T3 ^ Aet(f/^t3 (T^ta) x P3) and 

conds ■■ Ts ^ Pfin{Cond{E^s)). 

- f = ifpJTJ's) and g' = {g'p , g'r , g's) are well-defined, that is they 
satisfy the conditions 0 to 0 for HLAPN-morphisms in Definition n~T1 : 

“^3^ 3 

1. preservation of variables is due to the construction of Es ^ E^ 

2. compatibility of pre and post domain 

is due to the induced pushout morphisms pres and posts 

3. compatibility of firing conditions 

is due to the induced pushout morphisms conds 
Next we check the pushout properties: 

Given a high-level abstract Petri net $N_4$ and two morphisms $f^* = (f^*_P, f^*_T, f^*_\Sigma)$
and $g^* = (g^*_P, g^*_T, g^*_\Sigma)$, such that $f^* \circ g = g^* \circ f$, then the induced pushout
morphism $k = (k_P, k_T, k_\Sigma)$, where $k_P$, $k_T$ and $k_\Sigma$ are the induced morphisms
of the components $P_3$, $T_3$ and $SPEC_3$.

k is well-defined with respect to the conditions^to^for HLAPN-morphisms 
in Definition o 

1. Preservation of variables: 

Let t 2 &T 2 , /r(^ 2 ) = ^36 T 3 , and fx{t 2 ) =^46 T 4 , then for each ^2 we 
have in ASIG: 



( 1 ) is pushout due to morphism /' and k^ is induced by pushout ( 1 ). 
The outer square is pushout due to morphism /*. (2) commutes, thus 
by pushout decomposition property the square (2) is pushout as well. 
The same holds for each ti G Ti. 

2. Compatibility of pre- and postdomain: 

kins = (TTfc^ o U^tsieval)) x kp with eval : T ^*3 ^ Vk^{T^u) is 

given and commutes the squares, because T 3 is pushout. 

3. Compatibility with firing conditions: 

kcond = V{Cond{k^)) is given and commutes the squares, because T 3 is 
pushout. 

Uniqueness of k is obtained by uniqueness of $k_P$, $k_T$ and $k_\Sigma$.

B.3 Proofs of Theorems Concerning Rule-Based Refinement 

These proofs rely on the one hand on those theorems stating that the HLR- 
conditions are sufficient to show the results for HLR-systems in general. On the 
other hand they rely on the satisfaction of the HLR-conditions in Definition EEl 
by abstract Petri nets, i.e. for the category HLAPN. 

(Proof of Theorems |7|EI0[3 and^) 

Church-Rosser Theorem I 

In Theorem 4.3 in [EHKPflrEj and Theorem 4.5 in |Padlfflh| 
Church-Rosser Theorem II 

In Theorem 4.4 in |EH K PfiTE) and Theorem 4.7 in |Padlfflh| 
Parallelism Theorem 

In Theorem 4.6 in |EH K PfirEj and Theorem 4. 1 1 in [Pad fill b| 

Fusion Theorem In Theorem 3.4 in fPLb.fifij and Fact 5.4 in [Padfifibj 
Union Theorem In Theorem 3.7 in and Fact 5.8 in

It remains to verify the HLR-conditions (see Definition for the category 

HLAPN. 

Lemma 5 (HLAPN satisfies HLR-conditions).

Proof. The proof uses the existence and decomposition of pushouts (see Theorem 0
and Corollary Q , the assumed existence of pullbacks of $\mathcal{M}$-morphisms
(see Lemma 0 and the satisfaction of the HLR-conditions by the high-level
replacement system $(ASPEC, \mathcal{M}_{ASPEC})$.

1. Existence of $\mathcal{M}$-pushouts is due to finite cocompleteness of HLAPN (see
Theorem 01 ).

2. Existence of $\mathcal{M}$-pullbacks due to assumption.

3. Inheritance of $\mathcal{M}$ is due to the corresponding HLR-property of the
components, that is given in Sets and is assumed in ASPEC.

4. Existence of binary coproducts is due to finite cocompleteness and the cor- 
responding HLR-property of the components, that is given in Sets and is 
assumed in ASPEC. 

5. Monomorphism condition is due to the corresponding HLR-property of the 
components, that is given in Sets and is assumed in ASPEC. 

6. $\mathcal{M}$-pushouts are pullbacks is due to the corresponding HLR-property of the
components, that is given in Sets and is assumed in ASPEC, and the 
decomposition of pullbacks of high-level abstract Petri nets (see Lemma EJ . 

7. $\mathcal{M}$-pushout-pullback-decomposition is due to the corresponding HLR-property
of the components, that is given in Sets and is assumed in ASPEC,
and the decomposition of pullbacks of high-level abstract Petri nets (see 
Lemma 0 . 



Lemma 6 (Pullbacks of $\mathcal{M}$-Morphisms in HLAPN). The category
HLAPN has $\mathcal{M}$-pullbacks, that are pullbacks of $\mathcal{M}$-morphisms, if

— the cube-pushout-pullback-lemma (see [EHKP91b]) holds in ASIG,

— the left-adjoint $F \dashv G$ with $Net = G \circ F$ preserves pullbacks of injective
morphisms,

— ASIG has $\mathcal{M}_{ASIG}$-pullbacks, we have inheritance of $\mathcal{M}_{ASIG}$ under pushouts
and pullbacks, and

— the construction of the term algebra $T_\Sigma$, the functors $U_\Sigma : Cat(\Sigma) \to Sets$
and $Cond : ASIG \to Sets$ preserve pullbacks of injective morphisms.

Proof. Given the HLAPN-morphisms $f : N_1 \to N_0$ and $g : N_2 \to N_0$
with $f = (f_P, f_T, f_\Sigma) \in \mathcal{M}$ and $g = (g_P, g_T, g_\Sigma) \in \mathcal{M}$.
Then there are the pullbacks

$P_1 \leftarrow P_3 \to P_2$ of $P_1 \to P_0 \leftarrow P_2$ in Sets

$T_1 \leftarrow T_3 \to T_2$ of $T_1 \to T_0 \leftarrow T_2$ in Sets

$\Sigma_1 \leftarrow \Sigma_3 \to \Sigma_2$ of $\Sigma_1 \to \Sigma_0 \leftarrow \Sigma_2$ in ASIG

Thus we can construct the following di- 
agram in ASIG for each G T3 P3 ^ P2 



with g'rpita) =ti €Ti, f^ita) = ^2 G T'2, 
and fr o = gr ° fr^) = G To 

Where the front and the right square are 
pushouts due to the translation of vari- 
ables, and the back and the left square 
are constructed below. All morphisms of 
the top square are in AIasig, due to the 
inheritance of AIasig under pullbacks. 

Since the front and the right squares 
are pushouts, and we have inheritance 
of AlASiG-niorphisms under pushouts, 
also ^ and ^ P*“ are in AIasig- Due to existence of 

AIasig pullbacks in ASIG, there is and due to inheritance of AIasig 
the bottom square consists of AJasig morphisms. Summarizing we have: The 
top-square is a pullback and all morphisms are in AIasig- The front and right 
diagram are pushouts and the bottom square is also a pullback. Using the cube- 
pushout-pullback- lemma (see pHHKP.91bl[Pa,d98j l we conclude, that the left and 

the back square are pushouts as well. Thus the construction P3 ^ P|^ is 

well-defined for each ts G T3. 

This leads to the situation depicted in the following diagram. Due to the 
fact, that F preserves Al-pullbacks, also Net preserves Al-pullbacks. Further- 
more, we assume that the term algebra construction Ts and the functors Us '■ 

Gat(S) ^ Sets preserves injective pullbacks. Thus the right square is a 

pullback in Sets and pre^ and post^ are the induced pullback morphisms, so 
they are well-defined. 
Furthermore we have in the following diagram the construction of the term algebra
$T_\Sigma$, the functors $U_\Sigma : Cat(\Sigma) \to Sets$ and $Cond : ASIG \to Sets$
preserves pullbacks of injective morphisms.




As the Pfin functor preserves injective pullbacks and Cond : ASIG ^ 

Sets preserves pullbacks of injective morphisms by assumption, Vfin{Cond{S*^)) 
is pullback in Sets and condS is the induced pullback morphism. 

Thus we can construct the pullback of $f : N_1 \to N_0$ and $g : N_2 \to N_0$:

$N_3 = (P_3, T_3, SPEC_3, Var_3, pre_3, post_3, cond_3)$

with the components as defined above.

The pullback morphisms are given by the pullback morphisms of the components,

$f' = (f'_P, f'_T, f'_\Sigma) : N_3 \to N_2$ and $g' = (g'_P, g'_T, g'_\Sigma) : N_3 \to N_1$.

The pullback properties are obtained from the pullback properties of the com- 
ponents. 



Corollary 2 (Decomposition of Pullbacks). Given a pullback of $\mathcal{M}$-morphisms
in HLAPN the components are pullbacks of injective morphisms
in Sets and pullbacks of $\mathcal{M}_{ASIG}$-morphisms in ASIG.
Abstract. Starting from the algebraic view of Petri nets as monoids
(as advocated by Meseguer and Montanari in [MM90]) we present the
marking graphs of place transition nets as free monoid graphs and the
marking graphs of specific elementary nets as powerset graphs. These
are two important special cases of a general categorical version of Petri
nets based on a functor M, called M-nets. These nets have a compositional
marking graph semantics in terms of F-graphs, a generalization
of free monoid and powerset graphs. Moreover we are able to characterize
those F-graphs, called reflexive F-graphs, which are realizable by
corresponding M-nets. The main result shows that the behavior and
realization constructions are adjoint functors leading to an equivalence of
the categories MNet of M-nets and RFGraph of reflexive F-graphs.
This implies that the behavior construction preserves colimits so that
the marking graph construction using F-graphs is compositional.

In addition to place transition nets and elementary nets we provide other
interesting applications of M-nets and F-graphs. Moreover we discuss the
relation to classical elementary net systems. The behavior and realization
constructions we have introduced are compatible with corresponding
constructions for elementary net systems (with initial state) and elementary
transition systems in the sense of [NRT92].

Keywords: place/transition nets, elementary nets, uniform approach, 
realization problem, category theory 



1 Introduction 

Petri nets are the most common approach to model concurrent and distributed 
systems within the true concurrency paradigm. Concurrency is considered to be 
a primitive notion modeled by the concurrent firing of transitions. This behavior 
is given by marking, case, or occurrence graphs. These graphs describe the re- 
lation between markings and the firing of transitions. The corresponding graph 
consists of nodes that represent markings and arcs that represent the firing of 
enabled transitions. On the other hand it is useful to characterize those graphs 
which realize the behavior of Petri nets. This realization problem was solved for 
elementary transition system, a restricted kind of graphs, yielding elementary
net systems in mm- The behavior and realization construction have been 
given as adjoint functors between the corresponding categories. 

In this paper we take the general idea of but consider Petri nets 

without initial state. We use category theory to define an abstract notion of 
Petri nets based on a functor M. For these abstract Petri nets, called M-nets,
we can give a functorial semantics by F-graphs, a suitable generalization of the 
marking graph. On the other hand we can characterize those F-graphs that 
are realizable as M-nets. The main result shows that the behavior construction 
for M-nets and the realization construction for F-graphs is given by a pair of 
adjoint functors. Since the behavior functor is left adjoint it preserves pushouts 
and general colimits. This means that the marking graph construction using 
F-graphs is compositional. Note, that this fails to be true using ordinary graphs. 

In the next section we present place/ transition nets as well as F-graphs and 
state the main results concerning behavior and realization. In fact, these results 
and their proofs are given in a more abstract way in Section 0 where M-nets and 
their behavior as F-graphs are introduced. The construction of adjoint functors 
and the compositionality results are shown. In Section 0we offer different kinds 
of place/ transition nets and elementary nets being special cases of M-nets and 
F-graphs. This leads to new behavior and realization results as a corollary of 
the general theory. Compatibility between this approach concerning elementary 
nets and the approach using regional constructions in [NRT92j is discussed in 
Section 0 

Related work follows mainly two lines of research. Starting from the fun- 
damental work in [ER,9n | and later in the realization problem has been 

studied in several net classes. An overview is given in EHSHI. The basic idea 
is to use regions of graphs in order to represent extensions of places of the corresponding
nets. Recent work emphasizes its application to distributed

software and distributed control. In this volume the paper is concerned 

with the realization problem for reactive systems. 

The other line of research concerns approaches to a uniform description of
Petri nets, to which this volume is especially devoted. These approaches stem
from the influential paper by Meseguer and Montanari [MM90]. There have been
extensions towards partial algebras [.Iuh99|l ).M Dij . and the combination with
institutions. In [I )K PSDfj a similar approach to elementary
nets has been introduced.
For historical reasons we have preserved the main structure of the report
EEEOl. But the material is presented in a condensed form and a comparison 
with recent related work has been provided. 

2 Place/Transition Nets and Free Monoid Graphs 

Subsequently we introduce an algebraic formulation of place/transition nets in 
the sense of Meseguer and Montanari [MM90], and graphs with free monoids of
edges and nodes, called free monoid graphs, short FM-graphs. In both cases we 
define morphisms leading to categories PT and FMGraph. We give an example 
how to compose place/transition nets using pushouts in the category PT and 
how to construct the marking graph semantics using pushouts in FMGraph. 
However, these are not pushouts in the category Graph of graphs. Moreover we 
characterize those FM-graphs, called reflexive FM-graphs, which are realizable 
as place/transition nets. The concept of place/ transition nets and FM-graphs 
is a special case of M-nets and F-graphs in the theory of categorical Petri nets 
developed in Sectional As special cases of the general results we obtain: 

1. There is a compositional construction of place/transition nets using pushouts
in PT.

2. The marking graph construction of place/transition nets is defined in terms
of FM-graphs.

3. The marking graph construction is compositional, that is a functor
$MG : PT \to FMGraph$ preserving pushouts and coproducts.

4. There is a subcategory RFMGraph of reflexive FM-graphs and a realization
functor $R : RFMGraph \to PT$ that is left and right inverse to the marking
graph construction.

5. An F-graph G is realizable by a place/transition net N, i.e. $MG(N) = G$, if
and only if G is reflexive.

Definition 1 (Category PT of Place/Transition Nets).

The category PT consists of place/transition nets $N = (T \rightrightarrows P^\oplus)$, with the two
parallel morphisms pre and post, as objects, where T (transitions) and P (places)
are sets, $P^\oplus$ is the free commutative monoid
over P and $pre, post : T \to P^\oplus$ denote the pre-
and post-domain of each transition.

Morphisms $f : N_1 \to N_2$ are tuples of functions
$f = (f_T : T_1 \to T_2, f_P : P_1 \to P_2)$ such that the
subsequent diagram commutes:

[Diagram: square with rows $pre_1, post_1 : T_1 \to P_1^\oplus$ and $pre_2, post_2 : T_2 \to P_2^\oplus$, connected by $f_T$ and $f_P^\oplus$.]

Remark 1 (Morphisms). In contrast to [MM90] we only admit functions
$f_P : P_1 \to P_2$. Hence we use freely generated homomorphisms $f_P^\oplus : P_1^\oplus \to P_2^\oplus$ instead
of general homomorphisms $f_P : P_1^\oplus \to P_2^\oplus$. This restriction allows arbitrary
colimits in the category PT that are constructed componentwise in the category
Set.
Remark 2 (Marking Graph). Given a place/transition net $N = (T \rightrightarrows P^\oplus)$
with pre and post, then the marking graph MG(N) of N is a free monoid graph

$MG(N) = ((T + P)^\oplus \rightrightarrows P^\oplus)$

with source s and target t, edges $(T + P)^\oplus$ and vertices $P^\oplus$. Then for $e \in (T + P)^\oplus$ given by the linear
sum $e = \sum_{i=1}^{n} \lambda_i e_i$ with $e_i \in T \uplus P$ and $\lambda_i \in \mathbb{N}$ we have $s(e) = \sum_{i=1}^{n} \lambda_i s(e_i)$
with $s(e_i) = pre(e_i)$ for $e_i \in T$ and $s(e_i) = e_i$ for $e_i \in P$.

Next we give the category FMGraph of free monoid graphs, consisting of 
graphs whose nodes and edges have a free monoid structure. 

Definition 2 (Category FMGraph).

The category FMGraph of free monoid graphs consists of free monoid graphs
$G = (E^\oplus \rightrightarrows V^\oplus)$, with source s and target t, where E and V are sets of basic edges and vertices.
$E^\oplus$ and $V^\oplus$ are free commutative monoids over
E and V defining general edges and vertices.
And $s, t : E^\oplus \to V^\oplus$ are homomorphisms defining
source and target of edges.

The morphisms in FM-graphs $f : G_1 \to G_2$ are
given by a tuple of functions $f = (f_E : E_1 \to E_2, f_V : V_1 \to V_2)$
such that the following diagram commutes with $f_E^\oplus$ and $f_V^\oplus$ being induced
by the free construction $(-)^\oplus$.

[Diagram: square with rows $s_1, t_1 : E_1^\oplus \to V_1^\oplus$ and $s_2, t_2 : E_2^\oplus \to V_2^\oplus$, connected by $f_E^\oplus$ and $f_V^\oplus$.]

For the formal descriptions and theorems concerning behavior and realization 
as presented at the beginning of this subsection we refer to Sections 0and2l The 
following example illustrates the compositionality of the behavior constructions 
using free monoid graphs. 

Example 1 (Compositionality of Marking Graph Construction).

In Figure 1 the pushout in the category PT describes the union N4 of the
nets N2 and N3 with respect to the interface N1 where the arrows are the obvious
inclusions for the transitions and places.

Figure 1. Pushout of place/transition nets

The marking graphs M1, ..., M4 of N1, ..., N4 are given in Figure 2. Note that
the marking graph, i.e. the graph of all possible markings of a place/transition
net, is infinite. Thus Figure 2 merely illustrates a finite part of the corresponding
marking graphs. Nodes without adjacent arcs are simply markings enabling no
transition. Arcs with inscriptions like $p3 \oplus t2$ denote the firing of t2 where one
token remains on p3. Inscriptions like $t2 \oplus t3$ denote the concurrent firing of t2
and t3. All places are equipped with loops inscribed with their name. For place
p1 this loop has been made explicit.

The marking graphs M1, ..., M4 of N1, ..., N4 form a pushout in the category
FMGraph of free monoid graphs. But this is not a pushout in the category
Graph of graphs $E \rightrightarrows V$ (with source s and target t) in the classical sense, where morphisms are given
by functions $f_E : E_1 \to E_2$ and $f_V : V_1 \to V_2$ defined on all edges and nodes and
not only on the generators.

In fact the edge $t2 \oplus t3$ in M4 has neither a preimage in M2 nor in M3 as it
would be the case for a pushout in the category Graph.



3 The Behavior and Realization Problem for Petri Nets 
in a Categorical Framework 

In this section we introduce a categorical version of Petri nets, called M-nets, 
because these nets are based on a functor M, which is the composition of a free 
functor F and a forgetful functor U. Place/Transition nets and elementary nets 
introduced in Section El are special cases of M-nets. On the other hand we in- 
troduce F-graphs generalizing free monoid- and powerset graphs. The behavior 
problem for M-nets is solved by giving a compositional marking graph construc- 
tion for M-nets in terms of F-graphs. Vice versa we characterize those F-graphs 
which admit a realization in terms of M-nets. These F-graphs are called reflexive 
F-graphs. The realization problem is solved by showing that we obtain a real- 
ization functor being a left and right inverse to the marking graph construction. 
The marking graph construction for M-nets is closely related to the free functor 
between the categories Petri (Petri nets) and CMonRPetri (reflexive commutative
monoid Petri nets) given in [MM90], but our realization functor is essentially
different from the corresponding forgetful functor from CMonRPetri to
Petri.

Figure 2. Pushout of marking graphs

Applications of M-nets and F-graphs to various kinds of place/transition and 
elementary nets, especially those considered in Section 0 are given in Section 0 
and summarized in Subsection n~rni 



236 Julia Padberg, Hartmut Ehrig, and Grzegorz Rozenberg 



Definition 3 (General Assumption for BASE and CAT). 

We assume to have two categories BASE and CAT, called base and structured
category, and functors $U : CAT \to BASE$ and $F : BASE \to CAT$,
called forgetful and free functor, where F is left adjoint to U with universal
morphisms $u_B : B \to U \circ F(B)$ for all objects B in BASE. The composition
$M = U \circ F : BASE \to BASE$ is called marking functor, because M(B) corresponds
to the set of all markings over B in all our examples of Petri nets.

Moreover, we assume that the base category BASE has colimits, especially
pushouts and coproducts.

Based on these categories and functors we now can define M-nets.

Definition 4 (M-net).

An M-net N = (T, P, pre, post) is given by objects T and P in BASE, called
transitions and places, and BASE morphisms $pre, post : T \to M(P)$, called pre- and
post-domain of each $t \in T$.



Definition 5 (Category MNet).

Given M-nets $N_i = (T_i, P_i, pre_i, post_i)$ with (i = 1, 2) an M-net morphism
$f : N_1 \to N_2$ is given by a pair $f = (f_T, f_P)$ of
BASE morphisms $f_T : T_1 \to T_2$, $f_P : P_1 \to P_2$
such that the following diagram commutes separately
for pre- and post-domain, i.e. $M(f_P) \circ pre_1 = pre_2 \circ f_T$
and $M(f_P) \circ post_1 = post_2 \circ f_T$.

[Diagram: square with rows $pre_1, post_1 : T_1 \to M(P_1)$ and $pre_2, post_2 : T_2 \to M(P_2)$, connected by $f_T$ and $M(f_P)$.]

Lemma 1 (Cocompleteness of MNet). 

The category MNet has colimits which are constructed componentwise in the 
base category BASE. 

Proof. Follows directly from the fact that BASE has colimits which allows com- 
ponentwise construction of colimits in MNet. 

Note that it is not necessary to assume that M preserves colimits. 

Next we introduce F-graphs and the corresponding category. 

Definition 6 (F-graphs).

1. An F-graph $G = (F(E), F(V), s, t)$ is given by objects F(E) and F(V) in
CAT, called edges and vertices, for objects E and V in BASE, called base
edges and base vertices, and CAT-morphisms $s, t : F(E) \to F(V)$, called
source and target of G.

2. Given F-graphs $G_i = (F(E_i), F(V_i), s_i, t_i)$ for (i = 1, 2) then an F-graph
morphism $f : G_1 \to G_2$ is given by a pair $f = (f_E, f_V)$ of BASE morphisms
$f_E : E_1 \to E_2$ and $f_V : V_1 \to V_2$, such that the following diagram commutes
separately for source and target.

[Diagram: square with rows $s_1, t_1 : F(E_1) \to F(V_1)$ and $s_2, t_2 : F(E_2) \to F(V_2)$, connected by $F(f_E)$ and $F(f_V)$.]

3. The category FGraph consists of F-graphs as objects and F-graph morphisms
as morphisms.

The category of base graphs BaseGraph is the category FGraph with F
as the identity functor $F = Id : BASE \to BASE$. The forgetful functor
$U_F : FGraph \to BaseGraph$ is defined by $U_F((F(E), F(V), s, t)) =
(U(F(E)), U(F(V)), U(s), U(t))$ and $U_F((f_E, f_V)) = (U(f_E), U(f_V))$.



For BASE = Set we obtain the usual graphs as base graphs BaseGraph = 
Graph. 



Lemma 2 (Cocompleteness of F-graphs).

The category FGraph has colimits that are constructed componentwise in
the base category BASE, but in general they are not preserved by the forgetful
functor $U_F : FGraph \to BaseGraph$.

Proof. Follows directly from the fact that BASE has colimits and that the free
functor F preserves colimits. $U \circ F$ does not preserve colimits in general, if
$U : CAT \to BASE$ does not preserve them. Since U is a right adjoint functor
we cannot expect that colimits are preserved.



Definition 7 (Marking Graph of M-nets).

Given an M-net N = (T, P, pre, post) the marking graph MG(N) of N is the
following F-graph:

$MG(N) = (F(T + P), F(P), s, t)$

where T + P is the coproduct of T and P in BASE and $s = (\overline{pre}, id_{F(P)}) :
F(T + P) \to F(P)$, and $t = (\overline{post}, id_{F(P)}) : F(T + P) \to F(P)$ are uniquely
defined by:

$U(\overline{pre}) \circ u_T = pre$ and $U(\overline{post}) \circ u_T = post$

Remark 3. MG(N) is well-defined because the free functor F preserves coproducts
so that we have $F(T + P) = F(T) + F(P)$. This means that s and t are
uniquely defined by the universal morphisms $\overline{pre}, \overline{post} : F(T) \to F(P)$ and
$id_{F(P)} : F(P) \to F(P)$, where $\overline{pre}, \overline{post}$ are induced morphisms of
$pre, post : T \to U(F(P))$.

Now we are able to formulate and prove the first main theorem stating the
marking graph functor MG(N) to be cocontinuous.

Theorem 1 (Compositionality of Marking Graph Construction).

The marking graph construction MG(N) of an M-net N can be extended to
a functor $MG : MNet \to FGraph$ that preserves colimits.
Proof. The construction MG is extended to morphisms in the following way:

[Diagram: square (1) with rows $pre_1, post_1 : T_1 \to M(P_1)$ and $pre_2, post_2 : T_2 \to M(P_2)$, connected by $f_T$ and $M(f_P)$, is mapped by $MG : MNet \to FGraph$ to square (2) with rows $s_1, t_1 : F(T_1 + P_1) \to F(P_1)$ and $s_2, t_2 : F(T_2 + P_2) \to F(P_2)$, connected by $F(f_T + f_P)$ and $F(f_P)$.]

We have to show that commutativity of (1) implies that of (2).

Let $in_{iT} : F(T_i) \to F(T_i) + F(P_i) = F(T_i + P_i)$ and $in_{iP} : F(P_i) \to
F(T_i) + F(P_i) = F(T_i + P_i)$ be the coproduct injections then standard reasoning
allows showing in diagram (2)

1. $F(f_P) \circ s_1 \circ in_{1T} = s_2 \circ F(f_T + f_P) \circ in_{1T}$ and

2. $F(f_P) \circ s_1 \circ in_{1P} = s_2 \circ F(f_T + f_P) \circ in_{1P}$

Then we can conclude $F(f_P) \circ s_1 = s_2 \circ F(f_T + f_P)$.

A similar reasoning for the t-component implies commutativity of (2). Hence
MG is a functor. Colimits in the category MNet and in the category FGraph
are constructed componentwise in the base category BASE (see Lemma 1 and
Lemma 2). And colimits in BASE are preserved by the coproduct T + P, hence
MG preserves colimits.

Now we introduce reflexive F-graphs to be those F-graphs, where the edges
E are given as a coproduct of the basic vertices V and some other basic edges
$E_0$. This corresponds to the transitions in Definition 7 of marking graphs. In
fact, all the marking graphs in Figure 2 are reflexive free monoid graphs.

Definition 8 (Reflexive F-graphs).

An F-graph $G = (F(E), F(V), s, t)$ is called reflexive, if there is a unique
(up to isomorphism) coproduct complement $E_0$ of E in category BASE such
that $E_0 + V = E$ and there are unique functions $s', t' : F(E_0) \to F(V)$ with
$s = (s', id_{F(V)})$ and $t = (t', id_{F(V)})$.

Example 2 (Reflexive F-graphs). 

The notion of reflexive F-graphs coincides with reflexive free monoid graphs 
defined in Section 0 if we specialize F-graphs as shown in Example 14. 1 1 Note 
that coproduct complements $E_0$ of E in the base category Set are unique up
to isomorphism in general, and in the case $V \subseteq E$ we have a unique canonical
choice $E_0 = E \setminus V$. In general we only need an injective function $i : V \to E$ in
order to have a coproduct complement $E_0 = E \setminus i(V)$.
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Theorem 2 (Realization of Reflexive F-graphs). 

There is a subcategory RFGraph of F-graphs and a realization functor
$R : RFGraph \to MNet$ which is left and right inverse to the marking graph
construction.

Proof. Let RFGraph be the subcategory of F-graphs consisting of reflexive
F-graphs (see Definition 8) and reflexive F-graph morphisms $f = (f_E, f_V) :
G_1 \to G_2$, which means that we have a unique (up to isomorphism) coproduct
complement $f_{E_0}$ of $f_E$ in BASE such that $f_{E_0} + f_V = f_E$. From the marking
graph functor construction in Definition 0 it follows that MG can be restricted
to a functor $MG_0 : MNet \to RFGraph$.

The following construction of $R : RFGraph \to MNet$ is left and right inverse
to $MG_0$ with

$$R : \left( F(E_0 + V) \underset{t}{\overset{s}{\rightrightarrows}} F(V) \right) \mapsto \left( E_0 \underset{post}{\overset{pre}{\rightrightarrows}} M(V) \right)$$

$$(f_{E_0} + f_V, f_V) \mapsto (f_{E_0}, f_V)$$

where $s = (\overline{pre}, id_{F(V)})$ and $t = (\overline{post}, id_{F(V)})$ as well as pre and post are defined
by

$$pre = U(\overline{pre}) \circ u_T \quad \text{and} \quad post = U(\overline{post}) \circ u_T$$

Similar to the proof of Theorem Q we can show that R is a well-defined functor. 

Moreover, we have $R(MG(N)) = N$ for each M-net $N$ and $MG(R(G)) = G$
for each reflexive F-graph $G$ and similar properties for morphisms in the case
of unique coproduct complements. This shows that R is left and right inverse to
$MG_0$. If the coproduct complements are unique up to isomorphism the equalities
above have to be replaced by isomorphisms.



Corollary 1 (Unique Realization). 

An F-graph $G$ is realizable by an M-net $N$, i.e. $MG(N) = G$, if and only if
$G$ is reflexive.

This follows from Theorem |5| and the fact that $MG(N)$ is reflexive (see
Definition 0). The realization functor $R : RFGraph \to MNet$ is left and right inverse
to $MG_0 : MNet \to RFGraph$ according to the proof of Theorem El. This means
especially that R is right adjoint and right inverse to $MG_0$ and hence a minimal
realization in the sense of Otherwise R is also left adjoint and right
inverse to $MG_0$, i.e. a maximal realization. The fact that R is also left inverse
to $MG_0$, i.e. $R \circ MG_0 = ID_{MNet}$, shows that the realization is unique up to
isomorphism, i.e. $MG(N_1) = MG(N_2)$ implies $N_1 = N_2$.

This fact shows that the marking graph construction does not forget any kind 
of property of M-nets, similar to the construction of all processes as behavior 
for an elementary net system (see inniHzi). In categorical terms this means that 
the categories MNet and RFGraph are equivalent or even isomorphic in the 
case of unique coproducts and coproduct complements in BASE. 

On the other hand there is also a natural isomorphism between the categories
MNet and FGraph defined by the adjunction of morphisms $T \to M(P)$ in
category BASE and $F(T) \to F(P)$ in category CAT. This leads to the interesting
conclusion that also the categories FGraph and RFGraph are equivalent,
although the inclusion $I : RFGraph \to FGraph$ is not an equivalence in general.
This is no contradiction, but similar to the fact that the set $2\mathbb{N}$ of all even
natural numbers is properly included in the set $\mathbb{N}$ of all natural numbers but also
in bijective correspondence with $\mathbb{N}$.



4 Behavior and Realization of Place/Transition Nets 
and Elementary Nets 

In this section we investigate several different Petri nets that fit into the frame- 
work of M-nets and F-graphs. Especially we reconsider place/transition nets 
introduced in Section |2| and obtain the behavior and realization constructions 
proposed in Section |21 as special case of the general theory in Section 0 



4.1 Place/Transition Nets as M-nets 

Let BASE = Set, the category of sets and functions, CAT = CMon where
CMon is the category of commutative monoids, $U : CMon \to Set$ the forgetful
functor and $F : Set \to CMon$ the free commutative monoid construction. Then
$M(P) = P^{\oplus}$ is the base set of the free commutative monoid over $P$. So an M-net
is a place/transition net in the sense of [MM90] and of Definition 0. Clearly the
base category has colimits, especially pushouts (gluing of sets via functions) and
coproducts. The marking graph of a place/transition net is given by the marking
graph functor $MG : PT \to FMGraph$, where the marking graph construction
has already been discussed in Section El



4.2 Construction of the Marking Graph of Place/Transition Nets 

The marking graph functor $MG : PT \to FMGraph$ is given for a
place/transition net $N = (P, T, pre, post)$ with:

$$MG(N) = \left( (T + P)^{\oplus} \underset{(\overline{post},\, id)}{\overset{(\overline{pre},\, id)}{\rightrightarrows}} P^{\oplus} \right)$$

where $T + P$ is binary coproduct in Set and $(\overline{pre}, id)$ (respectively $(\overline{post}, id)$) is
the universal coproduct morphism, consisting of the extension to the free monoid
$\overline{pre}$ (respectively $\overline{post}$) and the identity.

The next important result of M-nets is the characterization of realizable free 
monoid graphs. 

4.3 Realizable Free Monoid Graphs

The subcategory RFMGraph of reflexive free monoid graphs is realizable. A
free monoid graph $G = (E, V, s, t)$ is reflexive if there exists a set $E_0$ of edges so
that:

$$\left( E^{\oplus} \underset{t}{\overset{s}{\rightrightarrows}} V^{\oplus} \right) = \left( (E_0 + V)^{\oplus} \underset{(t_0,\, id)}{\overset{(s_0,\, id)}{\rightrightarrows}} V^{\oplus} \right) \quad \text{with} \quad \left( E_0^{\oplus} \underset{t_0}{\overset{s_0}{\rightrightarrows}} V^{\oplus} \right).$$

Next we consider another variant of place/transition nets, called
place/transition group nets, short PT-G nets. These nets allow negative tokens. This
variant is especially interesting when computing invariants in a categorical way.
Using capacities PT-G nets clearly can be reduced to usual place/transition
nets.



4.4 PT-G nets as M-nets 

Let BASE = Set and CAT = CGroup where CGroup is the category of
commutative groups, $U : CGroup \to Set$ the forgetful functor and $F : Set \to
CGroup$ the free commutative group construction. Thus we obtain PT-G nets
$T \underset{post}{\overset{pre}{\rightrightarrows}} P^{\oplus}$ where $P^{\oplus}$ is the base set of the free commutative group $F(P) = P^{\oplus}$.
These have been studied in [MM90]. We so obtain the category PTG of PT-G
nets.

The marking graph construction is given by $MG : PTG \to FGGraph$,
where FGGraph is the category of free group graphs with objects
$G = \left( E^{\oplus} \underset{t}{\overset{s}{\rightrightarrows}} P^{\oplus} \right)$ and is constructed like the marking graph of place/transition
nets.

Realizable free group graphs are characterized by the subcategory
RFGGraph of reflexive free group graphs.

4.5 Main Results for Specific Place/Transition Nets 

Application of the general results in Section El leads to the following main result.

Corollary 2 (Main Results for Place/Transition Nets and PT-G nets).

1. There is a compositional construction of place/transition nets (and PT-G
nets) using pushouts in the category PT (and PTG).

2. The marking graph construction of place/transition nets (and PT-G nets) is
defined in terms of free monoid graphs (and of free group graphs).

3. The marking graph construction is compositional, i.e. a functor $MG : PT \to
FMGraph$ (and $MG : PTG \to FGGraph$) that preserves pushouts and
coproducts.

4. For the category FMGraph (and FGGraph) there is a subcategory
RFMGraph (and RFGGraph) of reflexive place/transition nets (and PT-G
nets) and a realization functor $R : RFMGraph \to PT$ (and $R :
RFGGraph \to PTG$) that is left and right inverse to the marking graph
construction.

5. A free monoid graph (free group graph) $G$ is realizable by a place/transition
net (PT-G net) $N$, i.e. $MG(N) = G$, if and only if $G$ is reflexive.

Proof. Assumption El is satisfied for place/ transition nets (see Definitional as 
well as PT-G nets (see Definition 14.411 . Thus Lemma [D yields Itemd Definition 
□yields Item|3 Theorem d yields ItemEl Definition 0 and Theorem □ yield Item 
El and Corollary El yields ItemEl 

4.6 Specific Elementary Nets as M-nets 

We now introduce two variants of elementary nets, which are less restricted than 
the usual elementary nets. For this purpose we first give the notions of additive 
and distinct additive functions. 

Definition 9 (Additive and Distinct Additive Functions).

An additive function $f : \mathcal{P}(A) \to \mathcal{P}(B)$, where $\mathcal{P}$ is the powerset
construction, is a function so that for all $A' \subseteq A$ we have $f(A') = \bigcup_{a \in A'} f(a)$.

A distinct additive function $f : \mathcal{P}(A) \to \mathcal{P}(B)$ is a function so that for all
$A' \subseteq A$ we have:

$$f(A') = \begin{cases} \bigcup_{a \in A'} f(a) & ;\ \forall a, a' \in A' : a \neq a' \Rightarrow f(a) \cap f(a') = \emptyset \\ \emptyset & ;\ \text{else} \end{cases}$$

This gives rise to two categories of powersets with additive and with distinct
additive functions respectively.

Definition 10 (Category PSet of Powersets).

The category PSet of powersets consists of the class of all powersets $\mathcal{P}(A)$
as objects and of additive functions $f : \mathcal{P}(A) \to \mathcal{P}(B)$ as morphisms.

Definition 11 (Category DPSet of Distinct Powersets).

The category DPSet of distinct powersets consists of the class of powersets
$\mathcal{P}(A)$ as objects and of distinct additive functions $f : \mathcal{P}(A) \to \mathcal{P}(B)$ as
morphisms.

To obtain the results achieved for M-nets and F-graphs in Section El we now
have to show that $\mathcal{P} : Set \to PSet$ and $\mathcal{P} : Set \to DPSet$ are left adjoint with
respect to the corresponding inclusion functors.

Lemma 3 (Left Adjointness of Powerset Functors).

1. The powerset functor $\mathcal{P} : Set \to PSet$ is left adjoint to the inclusion functor
$I : PSet \to Set$.

2. The distinct powerset functor $\mathcal{P} : Set \to DPSet$ is left adjoint to the
inclusion functor $I : DPSet \to Set$.

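Proof. 1. For each $f : A \to \mathcal{P}(B)$ in Set there is $incl_A : A \to \mathcal{P}(A)$ with
$incl_A(a) = \{a\}$ and we obtain $\overline{f} : \mathcal{P}(A) \to \mathcal{P}(B)$ in PSet with:

$$\overline{f}(A') = \bigcup_{a \in A'} f(a) \quad \text{for each } A' \subseteq A$$

so that $\overline{f}(incl_A(a)) = \overline{f}(\{a\}) = f(a)$ for all $a \in A$.

2. Analogously, $\overline{f} : \mathcal{P}(A) \to \mathcal{P}(B)$ in DPSet is defined for each $A' \subseteq A$ by:

$$\overline{f}(A') = \begin{cases} \bigcup_{a \in A'} f(a) & ;\ \forall a, a' \in A' : a \neq a' \Rightarrow f(a) \cap f(a') = \emptyset \\ \emptyset & ;\ \text{else} \end{cases}$$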



4.7 Elementary Nets with Loops 

Let the categories BASE = Set, and CAT = DPSet be given as well as the
functors $U = I : DPSet \to Set$, and $F = \mathcal{P} : Set \to DPSet$. Then $M(P) =
\mathcal{P}(P)$ so that an M-net is given by $N = \left( T \underset{post}{\overset{pre}{\rightrightarrows}} \mathcal{P}(P) \right)$. As in elementary
net systems (see Definition IT^) the amount of tokens on each place is less than or
equal to one. The corresponding F-graph is given by $G = \left( \mathcal{P}(E) \underset{t}{\overset{s}{\rightrightarrows}} \mathcal{P}(V) \right)$
where s and t are additive functions. In this case the category M-nets is called
category ENL of elementary nets with loops (footnote 2) and the category of F-graphs is
called category DPGraph of distinct powerset graphs.

This kind of elementary nets has less than or equal to one token
on each place and the marking graph models the usual
firing. But in contrast to usual elementary net systems
replacing a token on a place that is in the pre- and post-
domain of a transition is admitted. Hence we have loops.

The net of Figure 3 in case p0, p1 does not admit firing
in usual elementary net systems. But in elementary nets
with loops firing of the transition t is allowed where p0
can be considered as a loop. For this reason these nets
are called elementary nets with loops.

Fig. 3. Elementary net with loops



4.8 Unsafe Elementary Nets 

Let the categories BASE = Set, and CAT = PSet be given as well as the
functors $U = I : PSet \to Set$, and $F = \mathcal{P} : Set \to PSet$ the powerset functor.

However, the marking graph construction in this case (see Definition) models
unsafe firing, i.e. firing of a transition even if there are tokens on some place in
the post-domain of the transition. Moreover, transitions can fire in parallel even
if they share some places in the pre-domain. For this reason M-nets are called
unsafe elementary nets in this case and the corresponding category is called
category of unsafe elementary nets, written UEN. The F-graphs in this case are
called powerset graphs and the category is denoted by PGraph.

Footnote 2: In these nets have been called contextual elementary nets, leading to
confusion with contextual nets in the sense of [MR94, MR95]. Concurrent use of a token on
a contextual place is forbidden in our notion of nets, whereas it is the main feature
of contextual nets by Montanari and Rossi.
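The two extensions from Lemma 3, applied to the source and target maps of a small net, show how Sections 4.7 and 4.8 differ. This is an added example, not code from the original text: the net, the tagging of edges as subsets of T + P, and all function names are constructed for illustration, and the source map is read as the extension of the function sending a transition to its pre-domain and a place to its singleton.

```python
from itertools import combinations


def additive(f):
    """Extend f : A -> P(B) to the additive map P(A) -> P(B) (category PSet)."""
    def f_bar(subset):
        return frozenset().union(*(f(a) for a in subset))
    return f_bar


def distinct_additive(f):
    """Extend f : A -> P(B) to the distinct additive map (category DPSet):
    the union if the images are pairwise disjoint, the empty set otherwise."""
    def f_bar(subset):
        items = list(subset)
        if any(f(a) & f(b) for a, b in combinations(items, 2)):
            return frozenset()
        return frozenset().union(*(f(a) for a in items))
    return f_bar


# Constructed net: t has p0 in its pre- and post-domain (a loop),
# and t and u share the place p1 in their pre-domains.
PRE = {"t": frozenset({"p0", "p1"}), "u": frozenset({"p1"})}
POST = {"t": frozenset({"p0", "p2"}), "u": frozenset({"p3"})}


def source_base(x):
    """Base function on T + P: a transition goes to its pre-domain, a place to {p}."""
    kind, name = x
    return PRE[name] if kind == "T" else frozenset({name})


def target_base(x):
    """Base function on T + P: a transition goes to its post-domain, a place to {p}."""
    kind, name = x
    return POST[name] if kind == "T" else frozenset({name})


def T(*names):
    """Tag transition names as elements of the coproduct T + P."""
    return frozenset(("T", n) for n in names)


def P(*names):
    """Tag place names (idle tokens) as elements of the coproduct T + P."""
    return frozenset(("P", n) for n in names)


def edge(step, extension):
    """Source and target marking of an edge (a subset of T + P) under an extension."""
    return extension(source_base)(step), extension(target_base)(step)


if __name__ == "__main__":
    cases = {
        "loop transition t alone": T("t"),
        "t and u in parallel (shared pre-place p1)": T("t", "u"),
        "u with an idle token on its post-place p3": T("u") | P("p3"),
    }
    for label, step in cases.items():
        for name, ext in (("DPSet", distinct_additive), ("PSet", additive)):
            src, tgt = edge(step, ext)
            print(f"{label:45s} {name:6s} {sorted(src)} -> {sorted(tgt)}")
```

Under the distinct additive extension the overlapping cases collapse to the empty set, while the additive extension takes the plain union, which is the unsafe firing described in Section 4.8.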



4.9 Main Results for Specific Elementary Nets

Since the above defined elementary nets are special cases of M-nets we obtain
the following results:

Corollary 3 (Main Results for Elementary Nets with Loops and Unsafe
Elementary Nets).

1. There is a compositional construction for elementary nets with loops and for
unsafe elementary nets using pushouts in the category ENL (and UEN).

2. The marking graph construction of elementary nets with loops and unsafe
elementary nets is defined in terms of distinct powerset graphs (and powerset
graphs).

3. The marking graph construction is compositional, i.e. a functor $MG :
ENL \to DPGraph$ (and $MG : UEN \to PGraph$) that preserves pushouts
and coproducts.

4. For the category DPGraph (and PGraph) there is a subcategory
RDPGraph (and RPGraph) of reflexive distinct powerset graphs (and
reflexive powerset graphs) and a realization functor $R : RDPGraph \to ENL$
(and $R : RPGraph \to UEN$) that is left and right inverse to the marking
graph construction.

5. A powerset distinct graph (powerset graph) $G$ is realizable by an elementary
net with loops (and an unsafe elementary net) $N$, i.e. $MG(N) = G$, if and
only if $G$ is reflexive.

Proof. The assumptions in Definition 0 are satisfied for elementary nets with 
loops (see Subsection 14.711 . and for unsafe elementary nets (see Subsection 14.811 . 
Thus Lemma m yields Item^ Definition Q yields Item|21 Theorem Q] yields Item 
0 Definition |S| and Theorem El yield Item 21 and Corollary 2] yields Item 21 



4.10 Summary (Applications of M-nets and F-graphs) 

The constructions and results of Section El and Section 21 as applications of Section
El are summarized together with their in Table 1 below:

Table 1. Applications of M-nets and F-graphs to place/transition nets and elementary
nets

| M-net | F-graph | BASE | CAT | Free functor | Results |
|---|---|---|---|---|---|
| place/transition net | free monoid graph | Set | CMon | free com. monoid | Corollary 2 |
| PT-G net | free group graph | Set | CGroup | free com. group | Corollary 2 |
| elementary nets with loops | distinct powerset graph | Set | DPSet | distinct powerset | Corollary 3 |
| unsafe elementary net | powerset graph | Set | PSet | powerset | Corollary 3 |



5 Comparison of Constructions for Elementary Nets 
and Elementary Transition Systems 

In this section we relate our constructions of a marking graph for elementary nets
to the construction of a case graph for elementary net systems in the sense of
[NRT92], where the case graph is defined to be an elementary transition system.
The behavior with respect to an initial marking of a net is given by an elementary
transition system. Vice versa the realization of an elementary transition system
is given by an elementary net system using regions and the Set Representation
Theorem in the sense of [ER90].

A marking graph includes all possible markings and all possible (and even 
parallel) transitions. Thus the marking is merely dependent on the net structure, 
but it does not take into account the initial marking. On the other hand the case 
graph represents all markings reachable from a given initial marking. In fact, the 
case graph is a subgraph of the marking graph. We show the compatibility of 
our construction with the construction of elementary net system and elementary 
transition system. It is interesting that although the constructions in [NRT92]
are quite different we obtain the same kind of results, especially the adjunction 
between the category of nets and the category of the behavior graphs. The 
compatibility is given by the fact that the behavior of the nets and the realization 
of the graphs is the same w.r.t. a given initial marking. 

We now briefly review the notions of elementary net systems and transition
systems as far as we need them to relate these approaches (for more details
see EMUI). In [NRT92] two categories are established, the category ENS of
elementary net systems and ETS the category of elementary transition systems.
Between these categories there are adjoint functors $H : ENS \to ETS$ and
$J : ETS \to ENS$. ETS consists of a set of states, a set of events, a transition
relation and an initial state. Furthermore, some conditions have to be satisfied.
The realization of an elementary transition system via the functor J is achieved
using regions. The regional construction is discussed in

Elementary net systems consist of a set of conditions, a set of events, an 
initial marking and a flow relation. 

Definition 12 (Elementary Net System).

An elementary net system $N$ is a quadruple $N = (B, E, F, C_{in})$ where
$B$ is a set of conditions,
$E$ is a set of events and $B \cap E = \emptyset$,
$C_{in} \subseteq B$ is the initial marking, and
$F \subseteq (B \times E) \cup (E \times B)$ the flow relation
such that the following conditions are satisfied:

1. $\forall x \in B \cup E : \exists y \in B \cup E : (x, y) \in F \lor (y, x) \in F$

2. $\forall x, y \in B \cup E : {}^{\bullet}x = {}^{\bullet}y \land x^{\bullet} = y^{\bullet} \Rightarrow x = y$



Remark 4 (Relationship to Elementary Nets with Loops). In contrast to
elementary nets with loops (see Subsection 4.7) elementary net systems have an initial
marking. Condition 1 ensures that there are no isolated elements. Condition 2
allows neither parallel transitions nor parallel places.

We have considered in [EPR94] a subcategory $EN \subseteq ENL$, that consists of
elementary nets (i.e. without an initial marking) satisfying the above restrictions.
This category EN corresponds to the category of elementary net systems ENS.

Definition 13 (Case Graph of an Elementary Transition System N).

Given an elementary net system $N = (B, E, F, C_{in})$ we define the case graph
to be an elementary transition system $ETS = (C_N, E_N, \to_N, C_{in})$ given by the
following conditions:

1. $\to_{NN} \subseteq \mathcal{P}(B) \times E \times \mathcal{P}(B)$ is the transition relation with
$\to_{NN} = \{(c, e, c') \mid c - c' = {}^{\bullet}e \land c' - c = e^{\bullet}\}$

2. $C_N$ is the state space of $N$, it is the least subset of $\mathcal{P}(B)$ that contains the
initial state $C_{in}$ and satisfies:
$(c, e, c') \in \to_{NN} \land c \in C_N \Rightarrow c' \in C_N$

3. $\to_N$ is $\to_{NN}$ restricted to $C_N$.

4. $E_N = \{e \mid e \in E \land (c, e, c') \in \to_N\}$ is the set of active events.
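Definitions 12 and 13 can be executed directly. The following is an added example, not code from the original text: the net (conditions p0, p1, p2, q and events t, a, b) and all function names are constructed for illustration. The event t has p0 in both its pre- and post-set, so under the transition relation of Definition 13 it never becomes active.

```python
from collections import deque


def pre_post(flow, x):
    """Return the pair (pre-set of x, post-set of x) under the flow relation."""
    pre = frozenset(a for a, b in flow if b == x)
    post = frozenset(b for a, b in flow if a == x)
    return pre, post


def check_definition_12(B, E, F):
    """Check disjointness, the typing of F and conditions 1 and 2 of Definition 12."""
    if B & E:
        return False
    if not all((a in B and b in E) or (a in E and b in B) for a, b in F):
        return False
    elements = B | E
    # Condition 1: every element occurs in at least one flow pair.
    if any(not any(x in pair for pair in F) for x in elements):
        return False
    # Condition 2: equal pre- and post-sets imply equal elements.
    seen = set()
    for x in elements:
        key = pre_post(F, x)
        if key in seen:
            return False
        seen.add(key)
    return True


def step(c, e, F):
    """Return c' with c - c' = pre(e) and c' - c = post(e), or None if none exists."""
    pre_e, post_e = pre_post(F, e)
    candidate = (c - pre_e) | post_e  # the only case that can satisfy both equations
    if c - candidate == pre_e and candidate - c == post_e:
        return candidate
    return None


def case_graph(B, E, F, c_in):
    """Compute (C_N, E_N, ->_N): reachable cases, active events, restricted relation."""
    c_in = frozenset(c_in)
    states, transitions = {c_in}, set()
    queue = deque([c_in])
    while queue:
        c = queue.popleft()
        for e in E:
            c2 = step(c, e, F)
            if c2 is None:
                continue
            transitions.add((c, e, c2))
            if c2 not in states:
                states.add(c2)
                queue.append(c2)
    active = {e for _, e, _ in transitions}
    return states, active, transitions


# Constructed elementary net system.
B = frozenset({"p0", "p1", "p2", "q"})
E = frozenset({"t", "a", "b"})
F = {("p0", "t"), ("p1", "t"), ("t", "p0"), ("t", "p2"),
     ("p1", "a"), ("a", "q"), ("q", "b"), ("b", "p1")}
C_IN = frozenset({"p0", "p1"})

if __name__ == "__main__":
    print("Definition 12 holds:", check_definition_12(B, E, F))
    states, active, transitions = case_graph(B, E, F, C_IN)
    for c, e, c2 in sorted(transitions, key=lambda tr: tr[1]):
        print(sorted(c), f"--{e}-->", sorted(c2))
    print("active events:", sorted(active))
```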

Remark 5 (Relationship to Distinct Powerset Graphs). In contrast to distinct
powerset graphs (see Subsection 4.6) elementary transition systems associated
with an elementary net system N satisfy a number of restrictions. In [EPR94] it
is shown that this leads to a subcategory EGraph of DPGraph and REGraph
of RDPGraph, respectively.

However the constructions of the marking graph functor MG and the realization
functor R remain the same. So there is the marking graph functor $MG : EN \to
EGraph$ and the realization functor $R : REGraph \to EN$, where similar to
Corollary 01 R is left and right inverse to MG.

The case graph construction in Definition El has been extended in [NRT92]
to a case graph functor $H : ENS \to ETS$. And the realization construction
based on regions has been extended to a realization functor $J : ETS \to ENS$
that is adjoint to $H$ with $H \circ J = ID$.

Getting from a marking graph to a case graph means to distinguish one initial 
marking and forgetting all other potential behaviors of a net. Thus information 
is lost and the case graph is smaller and easier to cope with. The marking 
graph represents the elementary net without losing information. This difference
is detectable as the category of elementary nets EN and reflexive elementary 
powerset graphs REGraph are equivalent, whereas the category of elementary 
transition systems ETS and elementary net systems ENS are only related by 
adjoint functors H and J with H o J = ID and J o H ^ ID. 

Summarizing we have: 

1. Adjoint Functors for Elementary Net Systems and Case Graphs

$$ENS \underset{J}{\overset{H}{\rightleftarrows}} ETS$$

with H o J = ID and J o H ^ ID (see [NRT92])

2. Adjoint Functors for Elementary Nets and Marking Graphs

$$EN \underset{R}{\overset{MG}{\rightleftarrows}} REGraph$$

with MG o R /Z? and R o MG ^ ID (see [EPR94])

In [EPR94] we have defined constructions $init_m$ and $case_m$, that transfer
objects from the category EN to the category ENS and from the category
REGraph to the category ETS. In both cases the construction is dependent on
a chosen initial marking $m$ of an elementary net $N$, i.e. we obtain an indexed
construction, where the index set is the powerset of places of $N$.

Furthermore we can simply forget the initial marking $m$ and thus transform
an elementary net system into an elementary net given by the construction
$forget_m$.

The constructions $init_m$, $forget_m$ and $case_m$ are not functors in general. But
they admit to prove explicitly (see [EPR94]) the compatibility of the case graph
construction in and the marking graph construction in this paper.

3. Functional Relationship Between the Case Graph and the Marking
Graph Construction

[Diagram: ENS and EN are related by $forget_m$ (ENS to EN) and $init_m$ (EN to ENS);
ENS and ETS by H and J; EN and REGraph by MG and R; REGraph and ETS by $case_m$.]

The case graph, the marking graph, and the realization constructions are
compatible in the following sense:

(a) $case_m \circ MG = H \circ init_m$ for all initial markings $m$

(b) $case_m \circ MG \circ forget_m \circ J = ID$ for all initial markings $m$

Interpretation: 

(a) Reducing the marking graph of a given net with respect to an initial 
marking yields the case graph of the net system consisting of the given 
net and the same initial marking. 

(b) Given an elementary transition system the marking graph of the real- 
ization of this elementary transition system yields again the given ele- 
mentary transition system. This is constructed as the marking graph’s 
subgraph that is induced by the initial marking. 

6 Conclusion 

In this paper we have presented an abstract notion of Petri nets, called M-nets, 
based on a free functor F between a base category BASE and a category CAT 
with higher structured objects. This yields a category of F-graphs, so that we 
can define an abstract notion of marking graphs. The category of M-nets has 
colimits and thus a suitable construction for composition. As the marking graph 
construction is a left adjoint functor MG, composition of M-nets is preserved. So 
we obtain a compositional semantics. Furthermore we have been able to char- 
acterize the subcategory of realizable F-graphs, namely the reflexive F-graphs. 
These F-graphs describe the behaviour of an M-net, that is constructed on the
basis of the given F-graph. 

We have introduced several different notions of place/transition and elemen- 
tary nets that are instantiations of M-nets. 

As the realization problem was solved already for elementary net systems 
(with initial state) in [NRT92] we have shown compatibility of our approach in
the special case of elementary nets (without initial state). 

Abstract. We propose rewriting logic as a unifying framework for a
wide range of Petri net models. We treat in detail place/transition nets
and important extensions of the basic model by individual tokens, test
arcs, and time. Based on the idea that “Petri nets are monoids” suggested
by Meseguer and Montanari we define a rewriting semantics that maps
place/transition nets into rewriting logic specifications. We furthermore
generalize this result to a general form of algebraic net specifications
subsuming also colored Petri nets as a special case. The soundness and
completeness results we state relate the commutative process semantics
of Petri nets proposed by Best and Devillers to the model-theoretic
semantics of rewriting logic in the sense of natural isomorphisms between
suitable functors. In addition we show how place/transition nets with
test arcs and timed Petri nets can be equipped with a rewriting
semantics and discuss how other extensions can be treated along similar lines.
Beyond the conceptual unification of quite different kinds of Petri nets
within a single framework, the rewriting semantics can provide a guide
for future extensions of Petri nets and help to cope with the growing
diversity of models in this field. On the practical side, a major application
of the rewriting semantics is its use as a logical and operational
representation of Petri net models for formal verification and for the efficient
execution and analysis using a rewriting engine such as Maude, which
also allows us to specify different execution and analysis strategies in the
same rewriting logic language by means of reflection.



1 Introduction 

This paper attempts to contribute to the general goal of unifying Petri net 
models by studying in detail the unification of a wide range of such models 
within rewriting logic m, which is used as a logical and semantic framework. 
Specifically, we show how place/transition nets, nets with test arcs, algebraic 
net specifications, colored Petri nets, and timed Petri nets can all be naturally 
represented within rewriting logic. Our work extends in substantial ways previous 
work on the rewriting logic representation of place/transition nets f4iS| . nets with 
test arcs pll, algebraic net specifications inni, and timed Petri nets m- 

The representations in question associate a rewrite specification to each net in a 
given class of Petri net models in such a way that concurrent computations in the 
original net naturally coincide with concurrent computations in the associated
rewrite specification. That is, we exhibit appropriate bijections between Petri net 
computations and rewriting logic computations, viewed as equivalence classes of 
proofs, that is, as elements of the free model associated to the corresponding 
rewrite specification EHI 

Furthermore, for certain classes of nets, namely place/transition nets and a gen- 
eral form of algebraic net specifications, which subsume the well-known class of 
colored Petri nets, we show that the representation maps into rewriting logic are 
functorial; that is, that they map in a functorial way net morphisms to rewrite
specification morphisms. In addition, such functorial representations can be fur- 
ther extended to the level of semantic models, yielding semantic equivalence 
theorems (in the form of natural isomorphisms of functors) between well-known 
semantic models for the given class of Petri nets and the free models of the cor- 
responding rewrite theories or, more precisely, models obtained from such free 
models by forgetting some structure. 

As we further explain in the body of the paper, this work, including the above- 
mentioned functorial semantics and the semantic equivalences, generalizes in 
some ways, and complements in others, a substantial body of work initiated by 
the second author in joint work with Ugo Montanari under the motto “Petri 
nets are monoids” in which categorical models 

are naturally associated as semantic models to Petri nets, and are shown to 
be equivalent to well-known “true concurrency” models. Our work is also re- 
lated to linear logic representations of Petri nets )45l46i4lllll0l26| . All this is 
not surprising, since, as explained in |48j . both the categorical place/transition 
net models of m and the linear logic representations of place/transition nets 
inspired rewriting logic as a generalization of both formalisms. But, as shown 
in this paper, the extra algebraic expressiveness of rewriting logic is very useful 
to model in a simple and natural way not only place/transition nets, but also 
high-level nets, such as algebraic net specifications, colored Petri nets, and timed 
Petri nets. 

Our proposed unification of Petri net models is not only of conceptual interest. 
Given that, under reasonable assumptions, rewrite theories can be executed, the 
representation maps that we propose provide a uniform operational semantics 
in terms of efficient logical deduction. Furthermore, using a rewriting logic lan- 
guage implementation such as Maude HSUS!, or the Real-Time Maude tool in 
the timed case inUBD!, it is possible to use the results of this paper to create 
execution environments for different classes of Petri nets. In addition, because 
of Maude’s reflective capabilities [HI, the Petri nets thus represented cannot 
only be executed, but they can also be formally analyzed and model checked 
by means of rewriting strategies that explore and analyze at the metalevel the 
different rewriting computations of a given rewrite specification. 

The general way of representing Petri nets within rewriting logic that we propose 
is by no means limited to the net classes explicitly discussed in this paper. We 
believe that it can be similarly applied to other important classes of nets that we 
cannot discuss in detail due to space limitations. We briefly address how similar
representations could be defined for other Petri net classes, such as colored Petri
nets based on (higher-order) programming languages nets with macroplaces 
m . nets with FIFO places object-oriented variants of Petri nets 

PEI, and object nets |72l7dl28l74| where nets are viewed as token objects. 



We conclude this introduction with a brief overview of the paper: After intro- 
ducing rewriting logic together with the underlying membership equational logic 
in the following section, we introduce in Section Q a category of place/transition 
nets together with a functor that associates the process semantics of Best and 
Devillers [Z| with each place/transition net. We then define the rewriting specifi-
cation associated with a place/transition net and we establish a semantic connec- 
tion in terms of a natural isomorphism at the level of symmetric monoidal cate- 
gories. We conclude the section on place/transition nets by showing how test arcs 
can be incorporated using a slightly richer state space that satisfies certain sym- 
metries. In Section 0 we generalize the rewriting semantics for place/transition 
nets to algebraic net specifications, which we view as colored net specifications 
over membership equational logic. As it is the case for rewriting logic, the con- 
cept of colored net specifications is quite general, since it is parameterized over 
an underlying logic. However, for the sake of concreteness we only deal with 
rewriting logic and colored net specifications over membership equational logic 
in this paper. As in the previous section we relate the Best-Devillers process se- 
mantics and the model-theoretic semantics obtained via rewriting logic in terms 
of a natural isomorphism. In Section 0 we deal with timed Petri nets, an ex- 
tension of place/transition nets by a notion of real time. The model we use is 
closely related to the model of interval timed colored Petri nets proposed by van 
der Aalst but for the purpose of a simpler exposition we deal with the corre- 
sponding uncolored model and focus on the essential real-time aspects. Finally, 
in Section 0 we conclude by discussing how our approach can be generalized or 
extended to the other models of Petri nets like those mentioned before. 



2 Preliminaries 

A finite multiset over a set $S$ is a function $m$ from $S$ to $\mathbb{N}$ such that its support
$S(m) = \{s \in S \mid m(s) > 0\}$ is finite. We denote by $S^{\oplus}$ the set of finite multisets
over $S$, by $\emptyset_S$ the empty multiset over $S$ (we usually omit $S$ if it is clear from the
context), and we use the standard definitions of multiset membership $\in$, multiset
inclusion $\subseteq$, multiset union $\oplus$, and multiset difference $-$. Sometimes we write $x$
instead of the singleton multiset containing $x$.

A list of length $n$ over a set $S$ is a function $l$ from the interval $[1, n]$ of $\mathbb{N}$ to $S$.
We denote by $\mathcal{L}(S)$ the set of lists of arbitrary length over $S$. Concatenation of
lists $u$ and $v$ is written as $uv$. Sometimes we write $x$ instead of the singleton list
containing $x$. If $x$ is a variable ranging over elements, we often use the variable
$\bar{x}$ to range over lists of such elements.

Often we implicitly lift functions $f : X \to Y$ to sets $f : \mathcal{P}(X) \to \mathcal{P}(Y)$, finite
multisets $f : X^{\oplus} \to Y^{\oplus}$, and lists $f : \mathcal{L}(X) \to \mathcal{L}(Y)$ in the natural homomorphic
way. Given a finite set $S$ we sometimes assume a canonical enumeration of $S$, i.e.
a list $\bar{x}$ of $n$ distinct elements such that $S = \{x_1, \ldots, x_n\}$ which is fixed throughout
the paper. In order to ensure the existence of a canonical enumeration of certain
sets we could assume that all their elements are drawn from a single total order
that we do not make explicit in this paper.



2.1 Membership Equational Logic 

Membership equational logic (MEL) [9Irl| is a many-sorted logic with subsorts 
and overloading of function symbols. It can express partiality very directly by 
defining membership in a sort by means of membership equational conditions. 
In accordance with the terminology introduced in the references above we refer 
to the types of the logic as kinds, and we view the sorts for each kind as unary 
predicates. The atomic sentences are equalities M = N for terms M,N of the 
same kind, and memberships M : s for M a term and s a sort, both of the same 
kind. Sentences of MEL are universally quantified Horn clauses on the atoms. 

Definition 1. A membership equational signature $\Omega$ consists of a set of kinds $K_\Omega$, 
a set of sorts $S_\Omega$, a function $\pi_\Omega : S_\Omega \to K_\Omega$ that associates to each sort its kind, 
and a family $(OP_\Omega^{\bar{k},k})_{\bar{k} \in K_\Omega^*,\, k \in K_\Omega}$ of operator symbols such that the following 
overloading restriction holds: If $OP_\Omega^{\bar{k},k} \cap OP_\Omega^{\bar{k}',k'} \neq \emptyset$ then $\bar{k} = \bar{k}'$ implies $k = k'$. 

Instead of $o \in OP_\Omega^{\bar{k},k}$ we simply write $o : \bar{k} \to k$. If $\bar{k}$ is empty we write $o : \to k$, 
and $o$ is called a constant symbol, otherwise $o$ is called a function symbol. 

Given membership equational signatures $\Omega$ and $\Omega'$ a membership equational 
signature morphism $H : \Omega \to \Omega'$ consists of functions $H_K : K_\Omega \to K_{\Omega'}$, 
$H_S : S_\Omega \to S_{\Omega'}$ and $H_{OP} : OP_\Omega \to OP_{\Omega'}$ such that (1) $H_K(\pi_\Omega(s)) = \pi_{\Omega'}(H_S(s))$ for 
each sort $s \in S_\Omega$, and (2) $f : \bar{k} \to k$ in $\Omega$ implies $H_{OP}(f) : H_K(\bar{k}) \to H_K(k)$ in $\Omega'$. 
We usually omit the indices of $H$ if there is no danger of confusion. Membership 
equational signatures together with their morphisms form a category MESign. 

A kinded variable set is a family of pairwise disjoint sets which are also 
disjoint from the operator symbols in $OP_\Omega$. Given a kinded variable set $X$, the 
kinded set of $\Omega$-terms over $X$, written $T_\Omega(X) = (T_\Omega(X)_k)_{k \in K}$, is inductively 
defined as follows: (1) each variable $x \in X_k$ is in $T_\Omega(X)_k$; (2) each constant symbol 
$c$ with $c : \to k$ is in $T_\Omega(X)_k$ for $k \in K$; (3) each function application of the 
form $f(M_1, \dots, M_n)$ is in $T_\Omega(X)_k$ for $f : \bar{k} \to k$ and $M_1 \in T_\Omega(X)_{k_1}, \dots, M_n \in 
T_\Omega(X)_{k_n}$ where $\bar{k} = k_1 \dots k_n$. If $X$ is the empty variable set the terms above are 
called ground terms and we write $T_\Omega$ and $T_{\Omega,k}$ instead of $T_\Omega(X)$ and $T_\Omega(X)_k$, 
respectively. 

We define atomic $\Omega$-formulae over $X$ as either (1) $\Omega$-memberships over $X$ of 
the form $M : s$ for $M \in T_\Omega(X)_{\pi_\Omega(s)}$, or (2) $\Omega$-equations over $X$ of the form 
$M = N$ for $M, N \in T_\Omega(X)_k$ for some kind $k$. Furthermore, $\Omega$-conditions over 
$X$ are of the form $\phi_1 \wedge \dots \wedge \phi_n$ where $\phi_1, \dots, \phi_n$ are atomic formulae over $X$. 
Given an $\Omega$-condition $\phi_1 \wedge \dots \wedge \phi_n$ over $X$ an $\Omega$-axiom can be either (1) a 
membership axiom of the form $\forall X .\ M : s$ if $\phi_1 \wedge \dots \wedge \phi_n$, where $M : s$ is 
an $\Omega$-membership over $X$, or (2) an equational axiom of the form $\forall X .\ M = N$ 
if $\phi_1 \wedge \dots \wedge \phi_n$, where $M = N$ is an $\Omega$-equation over $X$. We usually omit 
the quantifier if $X$ is empty. 

A membership equational theory (MET) $T$ consists of a signature $\Omega_T$ and a set 
of $\Omega_T$-axioms $E_T$. 

The algebraic semantics of membership equational logic is a standard model- 
theoretic one PEH- Models of a membership equational theory are suitable al- 
gebras satisfying the axioms. 

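Definition 2. Let $\Omega$ be a signature. An $\Omega$-algebra $A$ consists of a kind interpretation 
for each $k \in K$, a sort interpretation $[\![s]\!]_A \subseteq [\![k]\!]_A$ for each $s \in \pi^{-1}(k)$, 
an operator interpretation $[\![o_{\bar{k},k}]\!]_A$ for each $o : \bar{k} \to k$ such that $[\![c_k]\!]_A \in [\![k]\!]_A$ 
for $c : \to k$ and $[\![f_{\bar{k},k}]\!]_A \in [\![\bar{k}]\!]_A \to [\![k]\!]_A$ for $f : \bar{k} \to k$ where $[\![\bar{k}]\!]_A = [\![k_1]\!]_A \times 
\dots \times [\![k_n]\!]_A$ and $\bar{k} = k_1 \dots k_n$. For better readability we often write $[\![c]\!]_A$ and $[\![f]\!]_A$ 
instead of $[\![c_k]\!]_A$ and $[\![f_{\bar{k},k}]\!]_A$ assuming that the subscripts are clear from the 
context. To simplify some constructions we assume in this paper without loss of 
generality that $[\![k]\!]_A \cap [\![k']\!]_A = \emptyset$ for all kinds $k \neq k'$. 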

Let $A, B$ be $\Omega$-algebras. An $\Omega$-morphism, written $h : A \to B$, is a kinded function 
$h = (h_k)_{k \in K}$ such that $h_k : [\![k]\!]_A \to [\![k]\!]_B$ for all $k \in K$ and the following 
conditions hold: (1) $h_k([\![s]\!]_A) \subseteq [\![s]\!]_B$ for $s \in \pi^{-1}(k)$; (2) $h_k([\![c_k]\!]_A) = [\![c_k]\!]_B$ for 
$c : \to k$; and (3) $h_k([\![f_{\bar{k},k}]\!]_A(a_1, \dots, a_n)) = [\![f_{\bar{k},k}]\!]_B(h_{k_1}(a_1), \dots, h_{k_n}(a_n))$ for $f : 
\bar{k} \to k$ with $\bar{k} = k_1 \dots k_n$ and $a_i \in [\![k_i]\!]_A$. $\Omega$-algebras together with $\Omega$-morphisms 
constitute a category Mod($\Omega$). 



Definition 3. Let A be an 17-algebra. An assignment (3 •. X ^ A is a kinded 
function (3 = {(lk)keK associating to each a; £ an element f3k{x) £ p|yi. 
It is extended to terms over X as follows: (1) (3k{c) = \ck\A for c : — >■ fc; and 
(2) /3fc(/(Mi, . . . . . .,(3-j^{Mn)) for / : fc -)> fc and M, G 

Tf 2 (A)^. where k = p . . . fc„. Instead of (3k{M) for M G TlQ{X)k we also use 
the notation !3{M) or 

Let $A$ be an $\Omega$-algebra, let $\beta : X \to A$ be an assignment, and let $M, N \in 
T_\Omega(X)_k$. We define validity of formulae starting with atomic formulae: an $\Omega$-membership 
$M : s$ over $X$ is valid under $\beta$ iff $\in [\![s]\!]_A$; and an $\Omega$-equation 
$M = N$ over $X$ is valid under $\beta$ iff We write $A, \beta \models \phi$ iff an 
atomic formula $\phi$ is valid under $\beta$. Furthermore, an $\Omega$-condition $\phi_1 \wedge \dots \wedge \phi_n$ 
over $X$ is valid under $\beta$ iff $A, \beta \models \phi_i$ for each $i \in \{1 \dots n\}$, in which case we also 
write $A, \beta \models \phi_1 \wedge \dots \wedge \phi_n$. An $\Omega$-axiom $\forall X .\ \phi$ if $\phi_1 \wedge \dots \wedge \phi_n$ is valid iff for 
each assignment $\beta : X \to A$ we have $A, \beta \models \phi$ whenever $A, \beta \models \phi_1 \wedge \dots \wedge \phi_n$. 
We also write $A \models \forall X .\ \phi$ if $\phi_1 \wedge \dots \wedge \phi_n$ in this case. Given a set $E$ of 
$\Omega$-axioms we write $A \models E$ iff $A \models \psi$ for each $\psi \in E$. Given a MET $T$ we say 
that $A$ is a $T$-algebra iff $A \models E_T$. We write $T \models \psi$ iff $A \models \psi$ for each $T$-algebra 
$A$ and given a set $E$ of $\Omega$-axioms we write $T \models E$ iff $T \models \psi$ for each $\psi \in E$. 
We furthermore say that $M$ and $N$ are $E$-equivalent iff for all 
$\Omega$-algebras $A$ satisfying $A \models E$ and assignments $\beta : X \to A$. 

Given METs $T$ and $T'$, a MET morphism $H : T \to T'$ is a membership equational 
signature morphism $H : \Omega_T \to \Omega_{T'}$ such that $T' \models H(E_T)$, where $H$ is 
lifted to terms and axioms in the natural homomorphic way. We say that T is a 
subtheory of T' , written T ^ T', iff there is a MET morphism J : T ^ T' that 
is an inclusion. 

METs together with their morphisms form a category MET, and given a MET 
$T$ the class of $T$-algebras together with their $\Omega$-morphisms constitutes a full 
subcategory of Mod($\Omega$) denoted by Mod($T$). Each MET morphism $H : T \to T'$ 
induces an obvious forgetful functor Mod($H$) : Mod($T'$) $\to$ Mod($T$) that 
we also write as $U_H$. In fact, we have a contravariant functor Mod : MET $\to$ 
Cat$^{op}$. Given an inclusion $I : T \to T'$ and a $T'$-algebra $A$ we also write $A|T$ 
instead of $U_I(A)$. 

METs have initial and free models [t)l5 1 ) . In fact, given a MET $T'$ there exists 
an initial $T'$-algebra, written More generally, given a MET morphism $H : 
T \to T'$ between METs $T$ and $T'$ there exists a free functor $F_H$ : Mod($T$) $\to$ 
Mod($T'$), i.e. a functor that is left adjoint to $U_H$. In the following we write 
$\eta_H$ and $\epsilon_H$ for unit and counit, respectively, of this adjunction, i.e., we have 
natural transformations $\eta_H(A) : A \to U_H(F_H(A))$ for $T$-algebras $A$ and $\epsilon_H(A') : 
F_H(U_H(A')) \to A'$ for $T'$-algebras $A'$. 

In contrast to an entirely loose or entirely initial semantics of membership equa- 
tional theories, in practice a mixed specification style is used, where certain 
subtheories are intended to be equipped with initial interpretations or certain 
subtheories are interpreted freely over their parameter specifications. To make 
such restrictions on the models explicit in the specification we enrich a membership 
equational theory by initiality and freeness constraints and refer to 
these enriched theories as membership equational logic specifications (MES). 

From a model-theoretic point of view, constraints are axioms that are treated in 
full analogy to membership or equational axioms, i.e., as sentences that have to 
be valid in all models. Hence, the models of a MES are algebras which satisfy 
all the given initiality and freeness constraints. Given a MES model, a model 
of a subspecification is obtained by its associated forgetful functor $U_K$ for $K$ 
the corresponding subspecification inclusion. In particular, this means that a 
model induces a unique interpretation for each subspecification, which is the 
justification for the condition on $\epsilon$ below. The notion of constraint we use here 
is a special case of the notion proposed in where initiality constraints are 
seen as a special case of freeness constraints. 

Definition 4. Let $J : T'' \to T'$ and $I : T' \to T$ be MET inclusions. A constraint 
for $T$ can take one of the following two forms: (1) $T'$ initial or (2) $T'$ 
free over $T''$. A membership equational specification (MES) $S$ is a MET $T_S$ 
together with a set $C_S$ of constraints for $T_S$. 

Let $A$ be a $T$-algebra. We define validity of a constraint as follows: (1) the 
constraint $T'$ initial is valid iff the unique morphism from the initial $T'$-algebra to $A|T'$ is 
an isomorphism, and (2) the constraint $T'$ free over $T''$ is valid iff $\epsilon_J(A|T') : 
F_J(A|T'') \to A|T'$ is an isomorphism. Given a MES $S$ with an underlying MET 
$T_S$, an $S$-algebra is a $T_S$-algebra $A$ such that each constraint in $C_S$ is valid in $A$. 

In complete analogy to METs we define: Given MESs $S$ and $S'$, a MES morphism 
$H : S \to S'$ is a morphism $H : T_S \to T_{S'}$ such that $S' \models H(C_S)$, i.e. the constraints 
$H(C_S)$ are valid in all $S'$-algebras, where $H$ is lifted to constraints in the natural 
way. $S$ is a subspecification of $S'$, written $S$ $S'$, iff there is a MES morphism 
$J : S \to S'$ that is an inclusion. MESs together with their morphisms form a 
category MES and the category of $S$-algebras Mod($S$) is the full subcategory 
of Mod($T_S$) that contains only $S$-algebras. Each MES morphism $H : S \to S'$ 
induces an obvious forgetful functor Mod($H$) : Mod($S'$) $\to$ Mod($S$) that we 
also write as $U_H$. Again, we have a contravariant functor Mod : MES $\to$ Cat$^{op}$ 
that generalizes Mod : MET $\to$ Cat$^{op}$. Given an inclusion $I : S' \to S$ and an 
$S$-algebra $A$ we also write $A|S'$ instead of $U_I(A)$. 

Furthermore, we introduce interpreted specifications together with a general 
notion of morphism that reflects a transformation of the specification as well as 
a transformation of the algebras possibly associated with different specifications. 

Definition 5. An interpreted MES $(S, A)$ consists of a MES $S$ and a $S$-algebra 
$A$. The category IMES of interpreted MES is given by the Grothendieck construction 
A(Mod) where Mod : MES $\to$ Cat$^{op}$. Recall that a morphism $(H, h) : 
(S, A) \to (S', A')$ in A(Mod) consists of morphisms $H : S \to S'$ and $h : A \to 
U_H(A')$ satisfying the conditions of the Grothendieck construction |71|. 

Given a MES $S$, the operational semantics |0|, that can be used to efficiently 
execute a specification under certain assumptions, is explained using a refinement 
of $S$, namely by viewing $E_S$ as composed of a set Eg of structural axioms and 
a set Eg of computational axioms, i.e., E = Eg U Eg . Assuming that the 
computational axioms in Eg satisfy the variable restriction explained below the 
equational axioms in Eg can be seen as reduction rules that operate modulo 
the equational theory induced by Eg . Identifying Ej -equivalent terms, we write 
M M' to express that M can be reduced to M' by applying an equation in Eg 
to a subterm of M . The variable restriction requires that all variables occurring 
in the righthand side or in the condition of an equational axiom also appear in 
the lefthand side, and for membership axioms that all variables occurring in the 
condition also appear in the conclusion. A MET $S$ is said to be executable iff the 
variable restriction is satisfied for all axioms in Eg and the following conditions 
hold after identifying Ej-equivalent terms: the equations in Eg are confluent, 
equational and membership axioms in are terminating, equational axioms in 
E^ are sort-decreasing and satisfy the regularity condition. For formal details of 
these conditions we refer to jH]- In particular, these conditions imply that each 
term $M$ has a unique normal form w.r.t. ^ which is denoted by NF($M$). 

Footnote: In its most recent version Maude imposes an even weaker restriction for executability 
due to the admissibility of conditions with matching equations f20( . 



2.2 Rewriting Logic 

In the simplified setting of ^H| a rewrite specification $\mathcal{R}$ consists of a single-sorted 
signature $\Omega_\mathcal{R}$, a set $E_\mathcal{R}$ of equations over $\Omega_\mathcal{R}$ and a set $R_\mathcal{R}$ of labelled 
rewrite rules of the form $\forall X .\ l : M \to N$ if $\phi_1 \wedge \dots \wedge \phi_n$, where $l$ is a 
label, $M$ and $N$ are $\Omega_\mathcal{R}$-terms, and $\phi_1 \wedge \dots \wedge \phi_n$ is a $\Omega_\mathcal{R}$-condition over the 
variable set $X$. The rewrite rules in $R_\mathcal{R}$ are applied modulo the equations $E_\mathcal{R}$. 
Rewriting logic (RWL) has rules of deduction to infer all rewrites, i.e., those 
sentences of the form $P : M \to N$ that are valid in a given rewrite specification 
m- A rewrite $P : M \to N$ means that the term $M$ rewrites to the term $N$ 
modulo $E_\mathcal{R}$, and this rewrite is witnessed by the proof term $P$. Apart from 
general (concurrent) rewrites P : M ^ N that are generated from identity and 
atomic rewrites by parallel and sequential composition, rewriting logic classifies 
its most basic rewrites as follows: a one-step (concurrent) rewrite is generated by 
parallel composition from identity and atomic rewrites and contains at least one 
atomic rewrite, and a one-step sequential rewrite is a one-step rewrite containing 
exactly one atomic rewrite. 

From a more general point of view, rewriting logic is parameterized by the choice 
of its underlying equational logic, which can be single-sorted, many-sorted, order- 
sorted and so on. In the design of the Maude language uncB], membership equa- 
tional logic has been chosen as the underlying equational logic. To introduce 
rewriting logic over membership equational logic, abbreviated as RWLmel or 
just RWL, we assume an underlying MES $S_\mathcal{R}$ with a distinguished data 
subspecification. The data subspecification specifies the static data part of the 
system whereas the remaining part of $S_\mathcal{R}$ specifies the state space by introducing 
the rewrite kinds, i.e., kinds whose terms correspond to states and therefore 
can be rewritten, together with their algebraic structure, which characterizes the 
possibilities of parallel composition. In the context of this paper the state space 
is always specified in a purely equational way. 

Definition 6. A rewrite specification (RWS) TZ consists of a MES Su with a 
distinguished data sub specification S^, a set of labels L-ji, and a set of rules Rn 
of the form M X . I : M ^ N if fii A ... A (j)„ where I € L-n, A ... A (fn 
is a iS 7 ?,-condition over X, and M,N G TTi{X)k in Sn for a rewrite kind k. 
To simplify the exposition we identify either i? 7 ^-equivalent or Fl^-equivalent 
terms in the context of a RWS TZ whenever we are concerned with the algebraic 
semantics or the operational semantics, respectively. 



Footnote: Rewriting logic as presented in admits rewrites in conditions of rules, but we do 
not exploit this possibility in the present paper. 

Given two RWSs $\mathcal{R}$ and $\mathcal{R}'$, a RWS morphism $H : \mathcal{R} \to \mathcal{R}'$ consists of a MES 
morphism $H_S : S_\mathcal{R} \to S_{\mathcal{R}'}$ and a function $L_\mathcal{R} \to L_{\mathcal{R}'}$ such that $H_S$ has a 
restriction $H_D$ to the data subspecification and for each rule $r \in R_\mathcal{R}$ 
there is a rule in $R_{\mathcal{R}'}$ that is $E_{\mathcal{R}'}$-equivalent to $H(r)$ up to a renaming of 
the variables, where $H$ is lifted to rules in the obvious homomorphic way. RWSs 
together with their morphisms form a category that is denoted by RWS. 

The algebraic semantics of rewriting logic is defined as follows. A model of a 
rewrite specification (RWS) $\mathcal{R}$ is a model $A$ of the underlying MES $S_\mathcal{R}$ together 
with an enriched categorical structure for each set $[\![k]\!]_A$, where $k$ is a rewrite 
kind. The interpretation of $\_ : \_ \to \_$, which can be regarded as a ternary predicate, 
is given by the arrows of the category. Sequential composition of rewrite 
proofs is interpreted by arrow composition, and parallel composition operators 
are interpreted by enriching the category with an algebraic structure as it has 
been specified for the rewrite kinds in $S_\mathcal{R}$. In order to be a model, the category 
has to satisfy a number of natural requirements, namely, functoriality w.r.t. the 
algebraic structure that is relevant for the rewrite kinds, the equations in $S_\mathcal{R}$ 
that are relevant for the rewrite kinds lifted to arrows, and for each rule in $\mathcal{R}$ 
the so-called exchange and decomposition laws. For a detailed description of 
these requirements we refer to PH). The models of a RWS we consider in this 
paper are freely generated over models of the data subspecification. In the 
important case where the data subspecification is interpreted initially, we obtain precisely the initial 
model described in m- A more precise definition of the algebraic semantics of 
rewriting logic will be given in Sections 18.21 and El for the particular forms of 
underlying specifications that are relevant for Petri nets. 

The operational semantics of RWSs extends the operational semantics of MESs 
by applying computational equations E-£ and rewrite rules R-jz modulo the struc- 
tural equations 72^. In this way we can achieve the effect of rewriting modulo 
E-jz provided that a suitable coherence requirement between equations and rules 
is satisfied. In particular, we say that a RWS is weakly executable iff the under- 
lying MES is executable, and the equations in E^ are coherent with the rules in 
Rtz modulo E^. Identifying terms that are 7?.^-equivalent and identifying proof 
terms that are equivalent in the sense of @ 3 , coherence means that if $P : M \to 
N$ then there is a term $N'$ such that NF($P$) : NF($M$) $\to N'$ and $N'$ =>* NF($N$) 
(this is stronger than coherence in EZl since we take proofs into account). A 
RWS is strongly executable iff additionally the variable restriction for rules is 
satisfied, i.e., all variables occurring in the righthand side or in the condition 
of a rule also appear in the lefthand side. In this case matching is sufficient for 
finding instantiations for the variables, whereas in the case of weak executability 
a strategy is needed to take care of this. 

3 Place/Transition Nets 

Place/transition nets (PTNs) are a model of concurrency in which behaviour 
is governed by local state changes in a distributed state space. The global distributed 
state of the system is represented by a marking, which assigns a number 
of indistinguishable tokens to each place. State changes that may occur in the 
system are specified by transitions. Each transition can only affect the part of 
the marking that is local to the transition, i.e., present in the places the tran- 
sition is connected to. More precisely, a local state change corresponds to the 
atomic occurrence of a transition which removes tokens from its input places and 
produces tokens on its output places. The number of tokens that are transported 
by an arc is specified by its inscription. 

As an example consider the PTN modeling an instance of the well-known banker’s 
problem depicted in Fig. 1 which models the situation of a bank loaning money 
to (in this case two) clients. As usual, places and transitions are drawn as circles 
and rectangles, respectively. The flow relation and the weight function are given 
by arrows and their inscriptions. An additional initial marking is specified by 
place inscriptions. The money available for clients is modeled by the number of 
tokens in the place BANK. Furthermore, each client n has an individual credit 
limit modeled by a place CLAIM-n. The fact that client n requests and receives 
money is modeled by a transition GRANT-n and we assume that after exhausting 
the credit limit client n returns all the money via the transition RETURN-n. 



[Figure 1: net diagram with places BANK, CREDIT-1, CLAIM-1, CREDIT-2 and CLAIM-2; drawing not reproduced.] 

Fig. 1. Banker’s problem with two clients 



We now give formal definitions of basic nets and define a PTN as a particular 
form of an inscribed net. Instead of just finite nets we admit infinite nets, but we 
restrict our attention to nets with transitions that can affect only a finite part 
of the marking (locality principle) so that each transition can be represented in 
a finitary way. 

Definition 7. A net $N$ consists of a set of places $P_N$, a set of transitions $T_N$ 
disjoint from $P_N$, and a flow relation $F_N \subseteq (P_N \times T_N) \cup (T_N \times P_N)$ such that 
${}^\bullet t = \{p \mid p\ F_N\ t\}$ and $t^\bullet = \{p \mid t\ F_N\ p\}$ are finite for each $t \in T_N$ (local 
finiteness). A net is finite iff the sets $P_N$ and $T_N$ are finite. Given nets $N$ and 
$N'$, a net morphism $H : N \to N'$ consists of functions $H_P : P_N \to P_{N'}$ and $H_T : 
T_N \to T_{N'}$ such that $H_P({}^\bullet t) = {}^\bullet H_T(t)$ and $H_P(t^\bullet) = H_T(t)^\bullet$. Nets together 
with their morphisms form a category Net. 

A place/transition net is essentially a net with arcs inscribed by natural numbers. 

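Definition 8. A place/transition net (PTN) $\mathcal{N}$ consists of: (1) a net $N_\mathcal{N}$ and 
(2) an arc inscription $W_\mathcal{N} : F_\mathcal{N} \to \mathbb{N}$. $W_\mathcal{N}$ is extended to $W_\mathcal{N} : (P_\mathcal{N} \times T_\mathcal{N}) \cup 
(T_\mathcal{N} \times P_\mathcal{N}) \to \mathbb{N}$ in such a way that $(x, y) \notin F_\mathcal{N}$ implies $W_\mathcal{N}(x, y) = 0$. Given 
PTNs $\mathcal{N}$ and $\mathcal{N}'$, a PTN morphism $H : \mathcal{N} \to \mathcal{N}'$ is a net morphism $H : N_\mathcal{N} \to 
N_{\mathcal{N}'}$ such that: 

1. $W_{\mathcal{N}'}(p', t') = W_\mathcal{N}(p_1, t) + \dots + W_\mathcal{N}(p_n, t)$ 
for all $p' \in P_{\mathcal{N}'}$, $t' \in T_{\mathcal{N}'}$, $t \in H^{-1}(t')$, 
and $\{p_1, \dots, p_n\} = H^{-1}(p') \cap {}^\bullet t$ with distinct $p_i$, and 

2. $W_{\mathcal{N}'}(t', p') = W_\mathcal{N}(t, p_1) + \dots + W_\mathcal{N}(t, p_n)$ 
for all $p' \in P_{\mathcal{N}'}$, $t' \in T_{\mathcal{N}'}$, $t \in H^{-1}(t')$, 
and $\{p_1, \dots, p_n\} = H^{-1}(p') \cap t^\bullet$ with distinct $p_i$. 

PTNs together with their morphisms form a category PTN. Each net $N$ can be 
conceived as a PTN $\mathcal{N}$ with $N_\mathcal{N} = N$ and $W_\mathcal{N}(x, y) = 1$ iff $x\ F_N\ y$. 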
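
An added example, not from the original text: a Python check of the morphism conditions of Definitions 7 and 8, applied to a folding of the two-client banker's net onto a hypothetical one-client net. Arc weights are read off the rewrite rules given for this net in Section 3.1; the one-client net, the maps H_P and H_T and all function names are assumptions made for the illustration.

```python
# A PTN is encoded as {transition: (pre, post)}; pre and post map places to
# the arc weights W(p, t) and W(t, p).  Arcs that are absent have weight 0.
BANKER = {
    "GRANT-1":  ({"BANK": 1, "CLAIM-1": 1}, {"CREDIT-1": 1}),
    "RETURN-1": ({"CREDIT-1": 3}, {"BANK": 3, "CLAIM-1": 3}),
    "GRANT-2":  ({"BANK": 1, "CLAIM-2": 1}, {"CREDIT-2": 1}),
    "RETURN-2": ({"CREDIT-2": 2}, {"BANK": 2, "CLAIM-2": 2}),
}


def one_client(limit):
    """Hypothetical one-client banker net with the given credit limit."""
    return {
        "GRANT":  ({"BANK": 1, "CLAIM": 1}, {"CREDIT": 1}),
        "RETURN": ({"CREDIT": limit}, {"BANK": limit, "CLAIM": limit}),
    }


# Folding H (assumed): both clients are mapped onto the single generic client.
H_P = {"BANK": "BANK", "CLAIM-1": "CLAIM", "CLAIM-2": "CLAIM",
       "CREDIT-1": "CREDIT", "CREDIT-2": "CREDIT"}
H_T = {"GRANT-1": "GRANT", "GRANT-2": "GRANT",
       "RETURN-1": "RETURN", "RETURN-2": "RETURN"}


def support(arcs):
    """Places actually connected by an arc (weight > 0)."""
    return {p for p, w in arcs.items() if w > 0}


def places(net):
    return {p for pre, post in net.values() for p in (*pre, *post)}


def is_net_morphism(src, dst, hp, ht):
    """Definition 7: H_P maps the preset (postset) of t onto that of H_T(t)."""
    for t, (pre, post) in src.items():
        pre2, post2 = dst[ht[t]]
        if {hp[p] for p in support(pre)} != support(pre2):
            return False
        if {hp[p] for p in support(post)} != support(post2):
            return False
    return True


def weight_violations(src, dst, hp, ht):
    """Definition 8, conditions 1 and 2.

    For every source transition t and target place p', the weights of the
    arcs between t and the places in H^-1(p') must sum to the weight of the
    arc between H_T(t) and p'.  Returns the sorted list of failures as
    (t, side, p', summed source weight, target weight).
    """
    bad = []
    target_places = sorted(places(dst))
    for t, arcs in src.items():
        for side, idx in (("pre", 0), ("post", 1)):
            for p2 in target_places:
                total = sum(w for p, w in arcs[idx].items() if hp[p] == p2)
                target = dst[ht[t]][idx].get(p2, 0)
                if total != target:
                    bad.append((t, side, p2, total, target))
    return sorted(bad)


def is_ptn_morphism(src, dst, hp, ht):
    return is_net_morphism(src, dst, hp, ht) and not weight_violations(src, dst, hp, ht)


if __name__ == "__main__":
    dst = one_client(3)
    print("net morphism:", is_net_morphism(BANKER, dst, H_P, H_T))
    for violation in weight_violations(BANKER, dst, H_P, H_T):
        print("weight mismatch:", violation)
```

The folding respects the flow relation, so it is a net morphism, but it is not a PTN morphism: the two clients have different credit limits, so no single weight on the RETURN arcs matches both RETURN-1 and RETURN-2.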

The notion of net morphism we use here is more restrictive than the (topological) 
net morphisms used in m and close to, but slightly stronger than, the (alge- 
braic) net morphisms used in yi2| . The justification for our definition is that net 
morphisms should be morphisms in the sense of [6d| and should preserve the 
behaviour in the strongest reasonable sense. Given a net morphism $H : \mathcal{N} \to 
\mathcal{N}'$ the intention is that the behaviour of $\mathcal{N}$ is subsumed by the behaviour of 
$\mathcal{N}'$, although $\mathcal{N}'$ may exhibit a richer behaviour. In this paper we focus on a 
description of behaviour by Best-Devillers processes in a way that generalizes 
the well-known step semantics. Indeed, not only the interleaving semantics but 
also the step semantics and the process semantics can be regarded as labelled 
transition systems where the states are markings and the labels are steps or 
processes, respectively. In the case of Best-Devillers processes, the labelled tran- 
sition system is equipped with additional algebraic structure which will be made 
explicit by regarding the transition system as a symmetric monoidal category. 

Definition 9. Let $\mathcal{N}$ be a PTN. A marking is a multiset of places. A (concurrent) 
step is a nonempty finite multiset of transitions. The set of markings and 
the set of steps are denoted by $\mathcal{M}_\mathcal{N}$ and $\mathcal{ST}_\mathcal{N}$, respectively. We define preset 
and postset functions $\partial_0, \partial_1 : T_\mathcal{N} \to \mathcal{M}_\mathcal{N}$ by $\partial_0(t)(p) = W(p, t)$ and $\partial_1(t)(p) = 
W(t, p)$, respectively. The (concurrent) step semantics of a place/transition net 
$\mathcal{N}$ is given by the labelled transition system which has $\mathcal{M}_\mathcal{N}$ as its set of states, 
$\mathcal{ST}_\mathcal{N}$ as its set of labels and a transition relation $\to\ \subseteq \mathcal{M}_\mathcal{N} \times \mathcal{ST}_\mathcal{N} \times \mathcal{M}_\mathcal{N}$ 
defined by $m_1 \xrightarrow{e} m_2$ iff there is a marking $m$ such that, for all $p \in P_\mathcal{N}$, 

$m_1(p) = m(p) + \partial_0(e)(p)$ and 

$m_2(p) = m(p) + \partial_1(e)(p)$. 

Writing the occurrence rule in the way given above makes it evident that the 
occurrence of an action replaces its preset by its postset, whereas the remainder 
of the marking, here denoted by m, is not involved in this process. This is an 
important fact that will be made formally explicit in the process semantics that 
we review subsequently in a somewhat informal style. For details we refer to I2H 
and jZ|. 

Definition 10. An occurrence net J\f is a net such that FV is acyclic and |’t|, 
|t*| < 1 for each t G Tjij-. Given an occurrence net Af, induces a partial order 
(<) = FV"'" on Pj^ U Tjy and its minimal and maximal elements are denoted by 
Max(Af) and Min{J\f), respectively. 

Let $\mathcal{N}$ be a PTN. Then a finite process $\mathcal{P}$ of $\mathcal{N}$ with origin marking $m_1$ and 
destination marking $m_2$ consists of a finite occurrence net $N_\mathcal{P}$ and a PTN morphism 
$L_\mathcal{P} : N_\mathcal{P} \to \mathcal{N}$ (where $N_\mathcal{P}$ is viewed as a PTN) such that $L_\mathcal{P}(Min(N_\mathcal{P})) = 
m_1$ and $L_\mathcal{P}(Max(N_\mathcal{P})) = m_2$. Given finite processes $\mathcal{P}$ and $\mathcal{P}'$ the parallel composition 
of $\mathcal{P}$ and $\mathcal{P}'$ is defined as the disjoint union of the underlying nets and 
label functions. Given processes $\mathcal{P}$ and $\mathcal{P}'$ such that the destination of $\mathcal{P}$ is equal 
to the origin of $\mathcal{P}'$, a sequential composition of $\mathcal{P}$ and $\mathcal{P}'$ is obtained by disjoint 
union (as above) pairwise identifying maximal places of $\mathcal{P}$ with minimal places 
of $\mathcal{P}'$, where every two places to be identified must have the same label. Notice 
that in general the result of sequential composition is not unique ED- 

Intuitively, a process of a PTN is generated by “temporal unfolding” starting 
from a marking that becomes the origin of the process. Observe that for a given 
finite process $\mathcal{P}$ of $\mathcal{N}$, not only $Min(\mathcal{P})$ and $Max(\mathcal{P})$ but each snapshot (S-cut 
in the sense of 0) of $\mathcal{P}$ corresponds to a marking of $\mathcal{N}$ by virtue of $L_\mathcal{P}$. 
The ambiguity of the result of sequential composition is caused by a snapshot 
corresponding to a marking with several identical tokens in some place, say $p$. 
Consider a transition in $\mathcal{N}$ that removes one token from $p$. A single firing of 
this transition gives rise to two different processes, since identical tokens are 
represented by different places in the process net. An obvious solution to avoid 
this ambiguity is to restrict our attention to safe processes, i.e., processes that 
take place in the safe part of the state space where such situations do not occur. 
A marking $m$ is said to be a safe marking iff all markings $m'$ reachable from $m$ 
in the step semantics satisfy $m'(p) \le 1$ for all $p \in P$. A process is said to be safe 
iff its origin is safe. Safe processes coincide with the classical notion of processes 
if we consider 1-safe PTNs which are equivalent to contact-free elementary net 
systems [ISIHItj . Our definition of safe processes is restrictive enough to ensure that 
the class of safe finite processes is always closed under sequential composition, 
a property that is not shared by the subclass of finite processes with the weaker 
property that all markings $m$ corresponding to snapshots (S-cuts) satisfy $m(p) \le 
1$ for each $p \in P$. 

Definition 11. A (strict) monoidal category (MC) $C$ is a category equipped 
with a monoidal operation $\_ \otimes_C \_$ and an identity object $id_C$ such that $\_ \otimes_C \_$ 
is an associative bifunctor with left and right identity $id_C$. A monoidal category 
morphism $h : C \to C'$ is a functor that preserves $\_ \otimes \_$ and $id$, i.e., $h(u \otimes_C v) = 
h(u) \otimes_{C'} h(v)$ and $h(id_C) = id_{C'}$. If in addition $\_ \otimes_C \_$ is commutative, then 
we say that $C$ is a (strictly) symmetric (strict) monoidal category (SMC). The 
category of SMCs is denoted by SMC. 

A variation of an SMC is a partial SMC $C$ where $\_ \otimes_C \_$ is a partial functor and 
each equation in the definition of SMCs is only required to be satisfied iff both 
sides are defined. The category of partial SMCs is denoted by PSMC. Clearly, 
SMC is a subcategory of PSMC. 



Definition 12. The safe process semantics $SP(\mathcal{N})$ of a PTN $\mathcal{N}$ is given by a 
partial SMC that has safe markings as objects and safe processes as arrows. 
Arrow composition is given by sequential composition, the partial monoidal operation 
is given by parallel composition, and the identity for an object $m$ is given 
by the finite process without transitions with origin $m$ and destination $m$. SP 
can be extended to a functor SP : SPTN $\to$ PSMC, where SPTN is the subcategory 
of PTN obtained by restricting morphisms to safe PTN morphisms. 
Here, a PTN morphism $H : \mathcal{N} \to \mathcal{N}'$ is safe iff it maps each safe marking in $\mathcal{N}$ 
to a safe marking in $\mathcal{N}'$. Now SP lifts each safe PTN morphism $H : \mathcal{N} \to \mathcal{N}'$ to 
a functor $SP(H) : SP(\mathcal{N}) \to SP(\mathcal{N}')$ defined in the obvious way. 

If we restrict our attention to safe markings there is a close correspondence be- 
tween the step semantics and the process semantics: Each step sequence, i.e., 
each computation w.r.t. the step semantics, generates a unique process, and a 
process determines a set of step sequences that contains the original one. As a 
consequence processes are more abstract than step sequences. A similar corre- 
spondence exists for the interleaving semantics, i.e., if we restrict steps to single 
transitions. Both correspondences are investigated in 0. On the other hand, the 
authors of jZj observe that step sequences and processes become incomparable 
when we admit markings that are not safe, which means that the natural view 
of processes as an abstraction of step sequences does not hold anymore. In order 
to recover this correspondence a more abstract notion of process is needed, and 
in fact Best-Devillers processes 0, which became also known as commutative 
processes PET| . provide such a notion. In contrast to processes which adhere 
to the individual token philosophy, Best-Devillers processes share with step sequences 
the collective token philosophy, meaning that identical tokens on a place 
in the system are not distinguished in the process. This allows us to define an 
operation of sequential composition that has a unique result whenever sequential 
composition is possible. The following definition of Best-Devillers processes 
is equivalent to the definition given in 0, except for the fact that 0 does not 
make explicit the algebraic and categorical structure. 

Footnote: A functorial semantics following the individual token philosophy has recently been 
given in M by using pre-nets, a refinement of PTNs. 

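Definition 13. Let $\mathcal{P}$ and $\mathcal{P}'$ be finite processes and let $p_1, p_2 \in P_\mathcal{P}$ with 
$L_\mathcal{P}(p_1) = L_\mathcal{P}(p_2)$. We define a predicate swap($\mathcal{P}, \mathcal{P}', p_1, p_2$) which holds iff $P_{\mathcal{P}'} = 
P_\mathcal{P}$, $T_{\mathcal{P}'} = T_\mathcal{P}$, $L_{\mathcal{P}'} = L_\mathcal{P}$ and: 

1. $t\ F_{\mathcal{P}'}\ p \Leftrightarrow t\ F_\mathcal{P}\ p$, 

2. $p\ F_{\mathcal{P}'}\ t \Leftrightarrow p\ F_\mathcal{P}\ t$ if $p \neq p_1$ and $p \neq p_2$, 

3. $p_1\ F_{\mathcal{P}'}\ t \Leftrightarrow p_2\ F_\mathcal{P}\ t$, 

4. $p_2\ F_{\mathcal{P}'}\ t \Leftrightarrow p_1\ F_\mathcal{P}\ t$. 

We define an equivalence on finite processes as the smallest equivalence relation 
that contains $(\mathcal{P}, \mathcal{P}')$ if there are $p_1, p_2 \in P_\mathcal{P}$ such that $L_\mathcal{P}(p_1) = L_\mathcal{P}(p_2)$ 
and swap($\mathcal{P}, \mathcal{P}', p_1, p_2$) holds. The equivalence classes are called Best-Devillers 
processes. 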

The notions of origin, destination, parallel and sequential composition of pro- 
cesses are lifted to Best-Devillers processes in the obvious way. At this level the 
result of sequential composition becomes unique, since all potentially different 
results obtained by composing two processes fall into the same equivalence class. 



Definition 14. The Best-Devillers process semantics $BDP(\mathcal{N})$ of a PTN $\mathcal{N}$ 
is given by an SMC that has markings as objects and Best-Devillers processes 
as arrows. Arrow composition is given by sequential composition, the monoidal 
operation is given by parallel composition, and the identity for an object $m$ 
is given by the Best-Devillers process without transitions with origin $m$ and 
destination $m$. BDP can be extended to a functor BDP : PTN $\to$ SMC that 
sends each PTN morphism $H : \mathcal{N} \to \mathcal{N}'$ to a functor $BDP(H) : BDP(\mathcal{N}) \to 
BDP(\mathcal{N}')$. 

The above definition is also equivalent to the one given in EP, although we define 
Best-Devillers processes as a quotient of (classical) processes as in 0 rather than 
as a quotient of concatenable processes as in m- Concatenable processes are a 
slight refinement of finite (classical) processes: a concatenable process is a finite 
process together with a total ordering of $\{p \in Min(\mathcal{N}) \mid L(p) = p'\}$ for each 
place $p'$ in the origin and a total ordering of $\{p \in Max(\mathcal{N}) \mid L(p) = p'\}$ for 
each place p' in the destination. Using this refined notion of process the obvious 
definition of sequential composition, where places are only identified if they have 
the same position in this order, yields a unique result, which allows us to view 
the class of concatenable processes as a category. 

Since a safe process is only equivalent to itself, it corresponds to a Best-Devillers
process given by a singleton equivalence class. Hence each safe process can be
regarded as a Best-Devillers process giving rise to an injection
$\iota : \mathrm{SP}(\mathcal{N}) \to \mathrm{BDP}(\mathcal{N})$. Actually we can state
the following stronger

Remark 1. $\mathrm{SP} : \mathbf{SPTN} \to \mathbf{PSMC}$ is a subfunctor of
$\mathrm{BDP} : \mathbf{SPTN} \to \mathbf{PSMC}$ (the obvious restriction of
$\mathrm{BDP} : \mathbf{PTN} \to \mathbf{SMC}$) as witnessed by
$\iota : \mathrm{SP} \to \mathrm{BDP}$ which is in fact a natural transformation.

We take this remark as a justification for focusing primarily on the Best-Devillers 
processes in the following, keeping in mind that classical safe processes form an 
important subcategory. In the context of nets with individual tokens we shall 
give some additional arguments for the relevance of this subcategory. 



3.1 Rewriting Semantics: An Example 

Rewriting logic can provide a direct semantics of PTNs following the motto 
“Petri nets are monoids” advocated in m- In fact, the categorical semantics 
presented in that work and also the relation between PTNs and linear logic 
explained in m inspired the development of rewriting logic. 

The PTN of the banker’s problem can be represented by the following RWS
given in Maude syntax [19,18], which consists of a MES specification and a set
of rewrite rules. As usual in Maude, the rewrite kind [Marking] is implicitly
introduced by introducing a sort Marking of this kind.*



*** markings are finite multisets of tokens
sort Marking .
op empty : -> Marking .
op __ : Marking Marking -> Marking [assoc comm id: empty] .

*** one token constructor per place
ops BANK CREDIT-1 CREDIT-2 CLAIM-1 CLAIM-2 : -> Marking .

*** one rewrite rule per transition
rl [GRANT-1] : BANK CLAIM-1 => CREDIT-1 .
rl [RETURN-1] : CREDIT-1 CREDIT-1 CREDIT-1 =>
                BANK BANK BANK CLAIM-1 CLAIM-1 CLAIM-1 .
rl [GRANT-2] : BANK CLAIM-2 => CREDIT-2 .
rl [RETURN-2] : CREDIT-2 CREDIT-2 =>
                BANK BANK CLAIM-2 CLAIM-2 .



Here we have applied the translation of PTNs into rewriting logic suggested in
m, which is closely related to the translation of PTNs into linear logic I2E1. A
marking is represented as an element of the finite multiset sort Marking. The
constant empty represents the empty marking and __ is the corresponding
multiset union operator. Associativity, commutativity and identity laws are
specified as structural equations by the operator attributes in square brackets.
For each place p there is a constant p, called token constructor, representing a
single token residing in that place. In fact, under the initial semantics Marking
is a multiset sort over tokens generated by these token constructors. For each
transition t there is a rule, called transition rule, labelled by t and stating
that its preset marking may be replaced by its postset marking.

* In fact, here and in the rest of the paper Marking and [Marking] can be
identified, since the latter does not contain any additional (error) elements
(cf. lOEII).

As clearly demonstrated by the use of rewrite rules in the above RWS, there is 
an important difference between the reduction rules induced by computational 
equations of a MES and the rewrite rules of a RWS: The relation induced by 
one-step rewrites is in general neither terminating nor confluent, although there 
may be situations where this is the case. Only terminating systems where for 
each initial state there is a unique final state can be described by terminating 
and confluent rewrite rules. Hence this generalization is a practical necessity to 
represent general system models. For instance, the PTN model of the banker’s 
problem has not only infinite executions but also finite ones due to the possibility 
of deadlock. Therefore, the transition system is neither terminating nor confluent 
in this case. 

In order to control the execution of a RWS the user can specify a strategy which 
successively selects rewrite rules and initiates rewriting steps. For instance, in 
the case of the banker’s example it is possible to define an execution strategy 
that avoids states which are necessarily leading to a deadlock such that the 
banker stays always in the “safe” part of the state space. In applications such 
as net execution and analysis the choice of a strategy will be guided by the 
need to explore the behaviour of the system under certain conditions. Strategies 
are well-supported by the Maude engine via reflection |ElIH], i.e. the capability
to represent rewrite specifications as objects and control their execution at the 
meta-level, which makes Maude a suitable tool not only for executing place- 
transition nets but also for analyzing such nets using strategies for (partial) 
state-space exploration and model checking. 
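The two preceding paragraphs (deadlock versus infinite executions, and a strategy that keeps the banker in the "safe" part of the state space) can be checked mechanically. The following Python sketch is an added example, not the paper's Maude code: it applies the four transition rules above as multiset rewriting, enumerates the reachable markings, and computes the safe markings as a greatest fixpoint. The initial markings used below are assumptions chosen for illustration.

```python
from collections import Counter, deque

# Transition rules copied from the Maude specification: label -> (preset, postset).
RULES = {
    "GRANT-1":  ({"BANK": 1, "CLAIM-1": 1}, {"CREDIT-1": 1}),
    "RETURN-1": ({"CREDIT-1": 3}, {"BANK": 3, "CLAIM-1": 3}),
    "GRANT-2":  ({"BANK": 1, "CLAIM-2": 1}, {"CREDIT-2": 1}),
    "RETURN-2": ({"CREDIT-2": 2}, {"BANK": 2, "CLAIM-2": 2}),
}


def freeze(marking):
    """Canonical hashable form of a multiset (assoc/comm/id come for free)."""
    return tuple(sorted((p, n) for p, n in marking.items() if n > 0))


def successors(state):
    """All one-step rewrites enabled in `state`, as label -> next marking."""
    m = Counter(dict(state))
    result = {}
    for label, (pre, post) in RULES.items():
        if all(m[p] >= n for p, n in pre.items()):
            nxt = Counter(m)
            nxt.subtract(pre)   # remove the preset marking
            nxt.update(post)    # add the postset marking
            result[label] = freeze(nxt)
    return result


def analyse(initial):
    """Explore the reachable markings; return (graph, deadlocks, safe).

    Terminates because the assumed initial markings have a finite state space.
    """
    graph, todo = {}, deque([freeze(initial)])
    while todo:
        s = todo.popleft()
        if s not in graph:
            graph[s] = successors(s)
            todo.extend(graph[s].values())
    deadlocks = {s for s, succ in graph.items() if not succ}
    # Greatest fixpoint: keep only markings with a successor still in the set,
    # i.e. markings from which some infinite execution exists.
    safe = set(graph)
    while True:
        doomed = {s for s in safe
                  if not any(t in safe for t in graph[s].values())}
        if not doomed:
            return graph, deadlocks, safe
        safe -= doomed


def safe_moves(marking, graph, safe):
    """Strategy: only the rules whose result stays inside the safe set."""
    return sorted(label for label, t in graph[freeze(marking)].items()
                  if t in safe)


if __name__ == "__main__":
    # Assumed initial marking: capital 3, maximal claims 3 and 2.
    graph, deadlocks, safe = analyse({"BANK": 3, "CLAIM-1": 3, "CLAIM-2": 2})
    print(len(graph), "reachable markings,", len(deadlocks), "deadlock(s)")
    for s in deadlocks:
        print("deadlock:", dict(s))
    at_risk = {"BANK": 1, "CREDIT-1": 2, "CLAIM-1": 1, "CLAIM-2": 2}
    print("allowed here:", safe_moves(at_risk, graph, safe))
```

With a smaller assumed capital (BANK 2) the doomed set also contains a marking that is not itself a deadlock, which is the case the strategy has to look ahead for.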



3.2 Rewriting Semantics in the General Case 

The rewriting semantics that has been explained in terms of the banker’s example 
in the previous section can be conceived as a functor from the category PTN of 
place/transition nets to the category SMRWS of symmetric monoidal RWSs
(SMRWSs) that will be introduced next. The characteristic feature of SMRWSs 
is that their underlying specification has a single rewrite kind [Marking] that is 
specified to be a free commutative monoid over a set of constants. The definition 
of SMRWSs given below is quite restrictive, but is sufficient for the rewriting 
semantics of PTNs. In Section 4.4 SMRWSs will be generalized to provide a
rewriting semantics for nets with individual tokens. 
Definition 15. A RWS $\mathcal{R}$ is a symmetric monoidal RWS (SMRWS) iff the
following conditions are satisfied:

1. is empty.

2. $S_{\mathcal{R}}$ contains precisely the following:

(a) a kind [Marking] together with operator symbols

empty : -> [Marking], __ : [Marking] [Marking] -> [Marking];

(b) any number of operator symbols of the general form

p : -> [Marking];

(c) the parallel composition axioms

$\forall\, u, v, w$ : [Marking] . u (v w) = (u v) w,

$\forall\, u, v$ : [Marking] . u v = v u,

$\forall\, u$ : [Marking] . empty u = u.

3. Rules in $R_{\mathcal{R}}$ do not have conditions and do not contain any variables.

Given two SMRWSs $\mathcal{R}$ and $\mathcal{R}'$, a SMRWS morphism
$H : \mathcal{R} \to \mathcal{R}'$ is a RWS morphism that preserves [Marking],
empty and __. SMRWSs together with their morphisms form a subcategory of RWS
denoted SMRWS.

In order to obtain a precise definition of the initial model-theoretic semantics
$I(\mathcal{R})$ of a SMRWS $\mathcal{R}$, it is convenient to define the
model-theoretic semantics of $\mathcal{R}$ by means of a MES $E(\mathcal{R})$ which
has a standard model-theoretic semantics in terms of $E(\mathcal{R})$-algebras.
Having done that, we then define $I(\mathcal{R})$ as $I(E(\mathcal{R}))$, i.e., as
the initial model of $E(\mathcal{R})$.

Definition 16. The membership equational presentation of a SMRWS $\mathcal{R}$ is a
MES $E(\mathcal{R})$ that extends $S_{\mathcal{R}}$, the underlying MES of
$\mathcal{R}$, by the following:

1. a new kind [RawProc] together with new operator symbols called proof
constructors

id : [Marking] -> [RawProc],
__ : [RawProc] [RawProc] -> [RawProc],
_;_ : [RawProc] [RawProc] -> [RawProc];

2. a new operator symbol called atomic proof constructor

t : -> [RawProc]

for each rule $t : M \to N$ in $R_{\mathcal{R}}$;

3. a kind [Proc] with a sort Proc and an operator symbol

_:_->_ : [RawProc] [Marking] [Marking] -> [Proc];

4. a membership axiom

$t : M \to N$

for each rule $t : M \to N$ in $R_{\mathcal{R}}$, where we introduce the notation
$P : M \to N$ as a shorthand for $(P : M \to N)$ : Proc;

5. membership axioms corresponding to the standard inference rules of rewriting
logic, namely:

(a) identity:

$id(u) : u \to u$

(b) composition:

$\alpha; \beta : u_1 \to u_3$ if $\alpha : u_1 \to u_2 \wedge \beta : u_2 \to u_3$

(c) compatibility of parallel composition:

$\alpha_1\, \alpha_2 : u_1\, u_2 \to u_1'\, u_2'$ if $\alpha_1 : u_1 \to u_1' \wedge \alpha_2 : u_2 \to u_2'$

6. equational axioms corresponding to the standard rewriting logic axioms,
namely:

(a) identity:

$id(u); \alpha = \alpha$ if $\alpha : u \to u'$

$\alpha; id(u') = \alpha$ if $\alpha : u \to u'$

(b) associativity:

$\alpha; (\beta; \gamma) = (\alpha; \beta); \gamma$
if $\alpha : u_1 \to u_2 \wedge \beta : u_2 \to u_3 \wedge \gamma : u_3 \to u_4$

(c) functoriality of the parallel composition operator:

$id(u_1)\, id(u_2) = id(u_1\, u_2)$

$(\alpha_1; \beta_1)\,(\alpha_2; \beta_2) = (\alpha_1\, \alpha_2); (\beta_1\, \beta_2)$
if $\alpha_1 : u_1 \to v_1 \wedge \beta_1 : v_1 \to w_1 \wedge \alpha_2 : u_2 \to v_2 \wedge \beta_2 : v_2 \to w_2$

(d) inherited equations for the parallel composition operator:

$\alpha_1\, (\alpha_2\, \alpha_3) = (\alpha_1\, \alpha_2)\, \alpha_3$
if $\alpha_1 : u_1 \to u_1' \wedge \alpha_2 : u_2 \to u_2' \wedge \alpha_3 : u_3 \to u_3'$

$\alpha_1\, \alpha_2 = \alpha_2\, \alpha_1$
if $\alpha_1 : u_1 \to u_1' \wedge \alpha_2 : u_2 \to u_2'$

$id(\mathtt{empty})\, \alpha = \alpha$ if $\alpha : u \to u'$

For better readability we leave universal quantifiers implicit:
$u, u', v, w, u_i, u_i', v_i, w_i$ are distinct variables of kind [Marking] and
$\alpha, \beta, \gamma, \alpha_i, \beta_i$ are distinct variables of kind [RawProc].

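E can be extended to a functor $E : \mathbf{SMRWS} \to \mathbf{MES}$ in the obvious
way. Furthermore, composing $E : \mathbf{SMRWS} \to \mathbf{MES}$ with the functor
$\mathrm{Mod} : \mathbf{MES} \to \mathbf{Cat}^{op}$ we obtain
$\mathrm{Mod} \circ E : \mathbf{SMRWS} \to \mathbf{Cat}^{op}$ which is also denoted
$\mathrm{Mod} : \mathbf{SMRWS} \to \mathbf{Cat}^{op}$. As usual we write $U_H$ for
$\mathrm{Mod}(H)$ given a SMRWS morphism H.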

In this paper we are not interested in the entire algebraic structure of SM- 
RWS models. Instead, our first goal is to relate two different semantics of PTNs, 
namely, the Best-Devillers process semantics and the rewriting semantics of
Definition 18 in terms of SMCs. In other words, the category SMC will serve as a
common basis and suitable level of abstraction to compare different descriptions. 
Below, the initial models of SMRWSs, that are defined in terms of a functor I, 
will be uniformly mapped into the same domain via a forgetful functor V. 

Definition 17. Let $\int(\mathrm{Mod})$ be the Grothendieck construction for the
functor $\mathrm{Mod} : \mathbf{SMRWS} \to \mathbf{Cat}^{op}$ and let
$\pi_1 : \int(\mathrm{Mod}) \to \mathbf{SMRWS}$ be the obvious projection functor
that sends $(\mathcal{R}, A)$ to $\mathcal{R}$. Given a SMRWS $\mathcal{R}$ we define
$I(\mathcal{R})$ as $I(E(\mathcal{R}))$ and $SI(\mathcal{R})$ as
$(\mathcal{R}, I(\mathcal{R}))$. Given a SMRWS morphism
$H : \mathcal{R} \to \mathcal{R}'$ we define $SI(H)$ as the morphism
$(H, I(H)) : (\mathcal{R}, I(\mathcal{R})) \to (\mathcal{R}', I(\mathcal{R}'))$ with
$I(H)$ the unique morphism $I(H) : I(\mathcal{R}) \to U_H(I(\mathcal{R}'))$
guaranteed by the fact that $I(\mathcal{R})$ and $U_H(I(\mathcal{R}'))$ are objects
in $\mathrm{Mod}(\mathcal{R})$ with the former being initial. In this way we have
defined a functor $SI : \mathbf{SMRWS} \to \int(\mathrm{Mod})$ that is left adjoint
to $\pi_1$.

Let $V : \int(\mathrm{Mod}) \to \mathbf{SMC}$ be the forgetful functor which sends
$(\mathcal{R}, A)$ to the SMC defined as follows: The sets of objects and arrows are
$[\![ \mathtt{[Marking]} ]\!]_A$ and $[\![ \mathtt{Proc} ]\!]_A$, respectively. Arrow
composition is $[\![ \_;\_ ]\!]_A$ and identities are $[\![ \mathtt{id} ]\!]_A(m)$ for
$m \in [\![ \mathtt{[Marking]} ]\!]_A$. The monoidal operation and its identity are
given by $[\![ \_\_ ]\!]_A$ and $[\![ \mathtt{empty} ]\!]_A$, respectively. Given a
morphism $(H, h) : (\mathcal{R}, A) \to (\mathcal{R}', A')$ in $\int(\mathrm{Mod})$
we define $V(H, h)$ as the SMC morphism given by the obvious restriction of h.

The rewriting semantics of PTNs is then defined as follows: 

Definition 18. Given a PTN $\mathcal{N}$ the rewriting semantics of $\mathcal{N}$ is
the smallest SMRWS $R(\mathcal{N})$ such that:

1. contains a token constructor

p : -> [Marking]

for each place $p \in P_{\mathcal{N}}$;

2. $R(\mathcal{N})$ has a label t and a rule called a transition rule, namely,

$t : \underbrace{p_1 \ldots p_1}_{W(p_1,t)} \ldots \underbrace{p_m \ldots p_m}_{W(p_m,t)} \to \underbrace{p_1 \ldots p_1}_{W(t,p_1)} \ldots \underbrace{p_m \ldots p_m}_{W(t,p_m)}$

for each transition $t \in T_{\mathcal{N}}$ assuming
$P_{\mathcal{N}} = \{p_1, \ldots, p_m\}$ with distinct $p_i$.

R can be extended to a functor $R : \mathbf{PTN} \to \mathbf{SMRWS}$ that maps each
PTN morphism $H : \mathcal{N} \to \mathcal{N}'$ to the unique SMRWS morphism
$G : R(\mathcal{N}) \to R(\mathcal{N}')$ with $G_R(t) = H(t)$ for each
$t \in T_{\mathcal{N}}$ and $G_S(p) = H(p)$ for each $p \in P_{\mathcal{N}}$.

The main result in this section states that for a PTN $\mathcal{N}$ the
Best-Devillers process semantics $\mathrm{BDP}(\mathcal{N})$ coincides with the
initial semantics of $R(\mathcal{N})$ in the strongest possible categorical sense of
a natural isomorphism.

In fact, this theorem is closely related to and can be proved using a result in m
(Theorem 27), which states that the monoidal category $\mathcal{CP}(\mathcal{N})$ of
concatenable processes and a monoidal category $\mathcal{P}(\mathcal{N})$ defined by
an inductive equational definition are isomorphic. Both $\mathcal{CP}(\mathcal{N})$
and $\mathcal{P}(\mathcal{N})$ are not symmetric, but they still enjoy certain
symmetries. For an exact definition of $\mathcal{CP}(\mathcal{N})$ and
$\mathcal{P}(\mathcal{N})$ we refer to m.

The difference between Theorem 27 in m and Theorem 1 below is that: (1)
Theorem 1 is about Best-Devillers processes which are more abstract than
concatenable processes, (2) it uses rewriting logic instead of giving a direct
inductive equational definition, and (3) it states a natural isomorphism instead
of just an isomorphism, that is, we use not only categories in the small, but we
also aim at a systematic categorical treatment in the large.

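Theorem 1. There is a natural isomorphism
$\tau : \mathrm{BDP} \to V \circ SI \circ R$ between the functors
$\mathrm{BDP} : \mathbf{PTN} \to \mathbf{SMC}$ and
$V \circ SI \circ R : \mathbf{PTN} \to \mathbf{SMC}$ (with
$R : \mathbf{PTN} \to \mathbf{SMRWS}$ and
$V \circ SI : \mathbf{SMRWS} \to \mathbf{SMC}$).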

In particular, the previous theorem entails that for each individual PTN we 
have precisely characterized Best-Devillers processes in rewriting logic via R as 
stated by the corollary below. As a byproduct we have obtained a corresponding 
characterization in membership equational logic via E. 

Corollary 1. The rewrite specification $R(\mathcal{N})$ provides a sound and complete
axiomatization of the Best-Devillers processes of the PTN $\mathcal{N}$.

Again, this is closely related to Corollary 33 in m which states that the
presentation of an SMC denoted by $\mathcal{T}(\mathcal{N})$ provides a complete and
sound axiomatization of Best-Devillers processes. Similar to the category
$\mathcal{P}(\mathcal{N})$ mentioned before, $\mathcal{T}(\mathcal{N})$ is given by a
direct inductive equational definition, whereas here we use the SMRWS
$R(\mathcal{N})$ to express the same category. In other words we use rewriting logic
to equip the presentation of $\mathcal{T}(\mathcal{N})$ itself with a first-class
formal status.
3.3 Petri Nets with Test Arcs

In this section we illustrate how the techniques for giving a rewriting logic
semantics to place/transition nets can be extended to deal with the important
class of place/transition nets with test arcs [il tlbiSl/rSII b) . Petri nets have
been equipped with test arcs (also called read arcs, or positive contexts in
contextual nets m) to naturally model cases where a certain resource may be read
without being consumed by a transition, such as in a database system where
multiple users are allowed to simultaneously read the same piece of data. In
contrast to ordinary arcs, several test arcs are allowed to access the same token
in the same concurrent step, but a token accessed by a test arc may not be
accessed by an ordinary arc in the same step.* Test arcs cannot change the marking
of a place.

Formally, a place/transition net with test arcs $\mathcal{N}$ is a place/transition
net together with a set of test arcs
$TA_{\mathcal{N}} \subseteq P_{\mathcal{N}} \times T_{\mathcal{N}}$. We define the
context function $\partial_{TA}$ on finite multisets $e$ of transitions by
$\partial_{TA}(e)(p) = 1$ if there is a transition $t \in e$ with
$(p, t) \in TA_{\mathcal{N}}$, and by $\partial_{TA}(e)(p) = 0$ otherwise. The step
semantics of a place/transition net with test arcs is defined as for
place/transition nets (see Section OD) with the modification that for
$m_1 \xrightarrow{e} m_2$ to hold we require additionally that, for each place
$p \in P_{\mathcal{N}}$, $\partial_{TA}(e)(p) \leq m(p)$.

We propose a rewriting semantics for a place/transition net with test arcs,
defined in terms of a rewrite specification $R(\mathcal{N})$ similar to the one in
Definition 18 but specifying tokens by means of a kind [Place] and two operators
[_], (_) : [Place] -> [Marking] so that a token residing at place p is represented
by the term [p]. An occurrence of [p] may not be shared by more than one rewrite
at the same time; to allow simultaneous rewrites with read-only access to a token
at place p, we consider a token [p] to be equivalent to an arbitrary number of
read-only tokens of the form (p). This can be accomplished, using a technique
described in jS!I|, by adding to our specification $R(\mathcal{N})$ an operator
{_ | _} : [Marking] [Nat] -> [Marking] and two “copying” axioms**

[p] = {p | 0} and {p | n} = {p | n + 1} (p),

where p and n are variables ranging, respectively, over [Place] and [Nat].

A transition t which consumes the tokens $a_1, \ldots, a_n$, produces the tokens
$b_1, \ldots, b_m$, and “reads” the tokens $c_1, \ldots, c_k$, is modeled by a
rewrite rule

$t : [a_1] \ldots [a_n]\, (c_1) \ldots (c_k) \to [b_1] \ldots [b_m]\, (c_1) \ldots (c_k)$.

* This last restriction is omitted in some definitions of Petri nets with test
arcs (see e.g. izg).

** The counting of the read-only copies and their read-only use guarantee that all
the copies must have been “folded back together” in order for the original token
to be engaged in a transition that consumes the token.

Fig. 2. Small database example using test arcs.

The database example in Figure 2 taken from PEI, where multiple users may
read some data simultaneously, but where only one at a time is allowed to update
the data, is, therefore, modeled in rewriting logic by the following rules:

READ : [ReadReq] (Data) -> [DataRead] (Data)

UPDATE : [UpdReq] [Data] -> [UpdDone] [Data].

Let $R(\mathcal{N})$ be the rewrite specification representing a place/transition
net with test arcs $\mathcal{N}$ as explained above, and for any marking m in
$\mathcal{N}$, consider the term of kind [Marking] which contains exactly m(p)
occurrences of the term [p] for each place p in $\mathcal{N}$. Then, there is a step
$m_1 \xrightarrow{e} m_2$ in $\mathcal{N}$ iff there is a one-step concurrent rewrite
$\alpha$ in $R(\mathcal{N})$ from the term for $m_1$ to the term for $m_2$, where, in
addition, the step e can be extracted from the proof $\alpha$. Furthermore, as in
Definition 17 we can define a functor that associates with $R(\mathcal{N})$ a
symmetric monoidal category determined by the initial semantics. This provides a
categorical semantics for all the concurrent computations of the net $\mathcal{N}$
that is closely related to the one recently proposed by Bruni and Sassone in HS|.
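The step semantics with test arcs can be exercised on the database net. The Python sketch below is an added example, not code from the chapter; it reads the extra condition as an assumption: every tested place must still hold a token once the ordinary arcs of the step have taken theirs, so that reads may share a token but a read token cannot be consumed in the same step. The place and transition names come from the READ and UPDATE rules above; the markings are constructed.

```python
from collections import Counter

# Database net: transition -> (preset, postset, places tested by test arcs).
NET = {
    "READ": (Counter({"ReadReq": 1}), Counter({"DataRead": 1}), {"Data"}),
    "UPDATE": (Counter({"UpdReq": 1, "Data": 1}),
               Counter({"UpdDone": 1, "Data": 1}), set()),
}


def context(step):
    """Context function: 1 on each place tested by some transition in the step."""
    tested = set()
    for t in step:
        tested |= NET[t][2]
    return Counter(dict.fromkeys(tested, 1))


def fire_step(marking, step):
    """Marking after firing the multiset `step` concurrently, or None if the
    step is not enabled in `marking`."""
    step = Counter(step)
    consumed, produced = Counter(), Counter()
    for t, k in step.items():
        pre, post, _ = NET[t]
        for p, n in pre.items():
            consumed[p] += k * n
        for p, n in post.items():
            produced[p] += k * n
    m1 = Counter(marking)
    # Ordinary arcs: every consumed token must be present.
    if any(m1[p] < n for p, n in consumed.items()):
        return None
    rest = m1 - consumed  # tokens not touched by any ordinary arc
    # Test arcs: one untouched token per tested place is enough for all readers.
    if any(rest[p] < n for p, n in context(step).items()):
        return None
    return rest + produced


if __name__ == "__main__":
    m = {"ReadReq": 2, "UpdReq": 1, "Data": 1}  # constructed marking
    print("two reads share the token:", fire_step(m, ["READ", "READ"]))
    print("read and update together: ", fire_step(m, ["READ", "UPDATE"]))
    print("update alone:             ", fire_step(m, ["UPDATE"]))
```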



4 High-Level Petri Nets 



We use the term high-level Petri nets to refer to a range of extensions of PTNs by
individual tokens, a line of research that has been initiated by the introduction
of predicate/transition nets in j22ElE3. High-level Petri nets make use of an
underlying formalism, such as first-order logic in the case of predicate/transition
nets, to describe the information that is associated with each token and its
transformation. Colored nets* introduced in m are another quite general model of
this kind with a more set-theoretic flavour. They generalize PTNs in such a
way that tokens can be arbitrary set-theoretic objects. Quite different from,
but closely related to, colored nets are high-level Petri nets that use an
algebraic specification language as an underlying formalism
I75ltii7titiblti4lti5l22l5l. In this paper we subsume such approaches under the
general notion of algebraic net specifications, parameterized over an underlying
equational specification language. The main feature that algebraic net
specifications have in common with predicate/transition nets is that an algebraic
net specification does not necessarily specify a single colored net, but instead
denotes a class of colored nets that satisfy the specification. In the following we
first define colored nets, and then we introduce algebraic net specifications over
MEL, a straightforward generalization of algebraic net specifications over
many-sorted equational logic (MSA). Both algebraic net specifications and rewriting
logic are specification formalisms that admit a variety of models. From an even
more general point of view that is only briefly sketched in this paper, one can
define colored net specifications parameterized over an underlying logic. In fact,
predicate/transition nets can essentially be regarded as colored net specifications
over first-order logic. From this more general point of view we restrict our
attention in this paper to the particular class of colored net specifications over
MEL, that we also call algebraic net specifications (over MEL), to establish a
systematic connection to rewriting logic (over MEL). Later, in Section 0, we will
discuss how other high-level Petri net extensions can be covered as generalizations
or variants of our approach.

* In fact, the nets introduced in m are called colored Petri nets (CPNs), but this
name has later been used for the more syntactic version introduced in m, which is
also the sense for which we would like to reserve this term (see below).



4.1 Colored Nets and Colored Net Specifications 

Algebraic net specifications will be introduced later as a formal specification lan- 
guage for colored nets. In the following we define the most general set-theoretic 
version of colored nets PHI. We also give a suitable notion of colored net mor- 
phism and we use CN to abbreviate the resulting category of colored nets. 

Colored nets are nets with places, transitions, and arcs inscribed with additional 
information given by functions C and W. The color set C(p) of a place p is the 
set of possible objects p can carry. The color set C(t) of a transition t can be 
seen as a set of modes in which t may occur. The arc inscription W defines a 
multiset of objects ( “colored” tokens) that are transported by an arc when the 
associated transition occurs. In fact, this multiset may depend on the mode in 
which the transition occurs, which is why W(p,t) and W(t,p) take the form of
functions in the definition below. 

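Definition 19. A colored net (CN) $\mathcal{N}$ consists of:

1. a finite net $N_{\mathcal{N}}$,

2. a set of color sets $CS_{\mathcal{N}}$,

3. a color function $C_{\mathcal{N}} : P_{\mathcal{N}} \cup T_{\mathcal{N}} \to CS_{\mathcal{N}}$; and

4. an arc inscription $W_{\mathcal{N}}$ on $F_{\mathcal{N}}$ such that

$W_{\mathcal{N}}(p,t) : C_{\mathcal{N}}(t) \to C_{\mathcal{N}}(p)^{\oplus}$, and
$W_{\mathcal{N}}(t,p) : C_{\mathcal{N}}(t) \to C_{\mathcal{N}}(p)^{\oplus}$.

$W_{\mathcal{N}}$ is extended to a function on
$(P_{\mathcal{N}} \times T_{\mathcal{N}}) \cup (T_{\mathcal{N}} \times P_{\mathcal{N}})$
in such a way that $(p,t) \notin F_{\mathcal{N}}$ implies
$W_{\mathcal{N}}(p,t)(b) = \emptyset$ and $(t,p) \notin F_{\mathcal{N}}$ implies
$W_{\mathcal{N}}(t,p)(b) = \emptyset$ for each $b \in C_{\mathcal{N}}(t)$.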



Rewriting Logic as a Unifying Framework for Petri Nets



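Let $\mathcal{N}$ and $\mathcal{N}'$ be CNs. A CN morphism
$H : \mathcal{N} \to \mathcal{N}'$ consists of a net morphism
$H_N : N_{\mathcal{N}} \to N_{\mathcal{N}'}$ and functions
$H_x : C_{\mathcal{N}}(x) \to C_{\mathcal{N}'}(H_N(x))$ for each
$x \in P_{\mathcal{N}} \cup T_{\mathcal{N}}$ such that:

1. $W_{\mathcal{N}'}(p',t')(H_t(b)) = H_{p_1}(W_{\mathcal{N}}(p_1,t)(b)) \oplus \ldots \oplus H_{p_n}(W_{\mathcal{N}}(p_n,t)(b))$

for all $p' \in P_{\mathcal{N}'}$, $t' \in T_{\mathcal{N}'}$, $t \in H_N^{-1}(t')$, $b \in C(t)$,

and $\{p_1, \ldots, p_n\} = H_N^{-1}(p') \cap {}^{\bullet}t$ with distinct $p_i$,

2. $W_{\mathcal{N}'}(t',p')(H_t(b)) = H_{p_1}(W_{\mathcal{N}}(t,p_1)(b)) \oplus \ldots \oplus H_{p_n}(W_{\mathcal{N}}(t,p_n)(b))$

for all $p' \in P_{\mathcal{N}'}$, $t' \in T_{\mathcal{N}'}$, $t \in H_N^{-1}(t')$, $b \in C(t)$,

and $\{p_1, \ldots, p_n\} = H_N^{-1}(p') \cap t^{\bullet}$ with distinct $p_i$.

CNs together with their morphisms form a category denoted by CN.

CNs generalize PTNs. The two dual objects of generalization are places and
transitions. PTNs arise as the special case in which C(x) is a singleton set for
each $x \in P \cup T$. This gives rise to an obvious inclusion functor
$\iota : \mathbf{PTN} \to \mathbf{CN}$.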

Although CNs can be seen as a generalization of PTNs, there is a more fundamental
justification for introducing CNs, namely, that a CN is just a convenient
abbreviation for a typically rather complex PTN EHE2I. Indeed, this connection
can be exploited to lift low-level concepts such as markings, safe processes, and
Best-Devillers processes to the higher level. This is achieved by the following
flattening functor $(\_)^{\flat} : \mathbf{CN} \to \mathbf{PTN}$ which associates to
each CN the PTN obtained by “spatial unfolding.” We call this operation flattening
to clearly distinguish it from “temporal unfolding” which generates the processes
of a PTN as we defined them earlier.

Definition 20. Given a CN $\mathcal{N}$, we define the flattening
$\mathcal{N}^{\flat}$ of $\mathcal{N}$ as the unique PTN that satisfies:

1. $P_{\mathcal{N}^{\flat}} = \{(p, c) \mid p \in P_{\mathcal{N}}, c \in C_{\mathcal{N}}(p)\}$;

2. $T_{\mathcal{N}^{\flat}} = \{(t, b) \mid t \in T_{\mathcal{N}}, b \in C_{\mathcal{N}}(t)\}$;

3. $W_{\mathcal{N}^{\flat}}((p,c),(t,b)) = W_{\mathcal{N}}(p,t)(b)(c)$; and

4. $W_{\mathcal{N}^{\flat}}((t,b),(p,c)) = W_{\mathcal{N}}(t,p)(b)(c)$

for $p \in P_{\mathcal{N}}$, $c \in C_{\mathcal{N}}(p)$, $t \in T_{\mathcal{N}}$, $b \in C_{\mathcal{N}}(t)$.

Flattening is extended to a functor $(\_)^{\flat} : \mathbf{CN} \to \mathbf{PTN}$ as
follows: Given a CN morphism $H : \mathcal{N} \to \mathcal{N}'$, the PTN morphism
$H^{\flat} : \mathcal{N}^{\flat} \to \mathcal{N}'^{\flat}$ is given by

1. $H^{\flat}((p,c)) = (H_N(p), H_p(c))$,

2. $H^{\flat}((t,b)) = (H_N(t), H_t(b))$

for $p \in P_{\mathcal{N}}$, $c \in C_{\mathcal{N}}(p)$, $t \in T_{\mathcal{N}}$, and $b \in C_{\mathcal{N}}(t)$.
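Definition 20 is directly executable for finite color sets. The following Python sketch is an added example, not part of the chapter: it flattens a colored net given by its color function and arc inscriptions, and rejects inscriptions that produce colors outside C(p). The folded two-client banker net used as input is a construction made here for illustration (it is not a net from the chapter); its flattening has the same shape as the banker's PTN of Section 3.1.

```python
from collections import Counter


def flatten(places, transitions, color, w_pt, w_tp):
    """Flattening of a colored net following Definition 20.

    color maps each place/transition to its (finite) color set; w_pt[(p, t)]
    and w_tp[(t, p)] map a mode b in C(t) to a Counter over C(p). Pairs that
    are missing from these dictionaries are not in the flow relation and
    carry the empty multiset.
    """
    flat_places = {(p, c) for p in places for c in color[p]}
    flat_transitions = {(t, b) for t in transitions for b in color[t]}
    weight = {}  # only the non-zero arc weights of the flattened PTN

    def inscription(arcs, key, p, b):
        tokens = arcs[key](b) if key in arcs else Counter()
        stray = set(tokens) - set(color[p])
        if stray:  # W(p,t)(b) and W(t,p)(b) must be multisets over C(p)
            raise ValueError(f"arc {key}: colors {stray} are not in C({p})")
        return tokens

    for (t, b) in flat_transitions:
        for p in places:
            consumed = inscription(w_pt, (p, t), p, b)
            produced = inscription(w_tp, (t, p), p, b)
            for c in color[p]:
                if consumed[c]:
                    weight[((p, c), (t, b))] = consumed[c]
                if produced[c]:
                    weight[((t, b), (p, c))] = produced[c]
    return flat_places, flat_transitions, weight


# Constructed input: the banker's net folded over the client identity.
CLIENTS = (1, 2)
LIMIT = {1: 3, 2: 2}  # tokens moved by RETURN-1 / RETURN-2 in Section 3.1
PLACES = ["BANK", "CLAIM", "CREDIT"]
TRANSITIONS = ["GRANT", "RETURN"]
COLOR = {"BANK": ("*",), "CLAIM": CLIENTS, "CREDIT": CLIENTS,
         "GRANT": CLIENTS, "RETURN": CLIENTS}
W_PT = {
    ("BANK", "GRANT"): lambda b: Counter({"*": 1}),
    ("CLAIM", "GRANT"): lambda b: Counter({b: 1}),
    ("CREDIT", "RETURN"): lambda b: Counter({b: LIMIT[b]}),
}
W_TP = {
    ("GRANT", "CREDIT"): lambda b: Counter({b: 1}),
    ("RETURN", "BANK"): lambda b: Counter({"*": LIMIT[b]}),
    ("RETURN", "CLAIM"): lambda b: Counter({b: LIMIT[b]}),
}

if __name__ == "__main__":
    P, T, W = flatten(PLACES, TRANSITIONS, COLOR, W_PT, W_TP)
    print(len(P), "places,", len(T), "transitions")
    for arc, n in sorted(W.items(), key=repr):
        print(arc, n)
```

The arcs between RETURN and the other places move a mode-dependent number of tokens, so the mode (RETURN, 1) becomes a transition with weight 3 and (RETURN, 2) one with weight 2.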

It is important to point out that although we have defined the notion of a col- 
ored net, we have not yet introduced a notion of finite specification of colored 
nets. This is unsatisfactory if we want to reason about colored net
specifications instead of just reasoning about colored nets. It is also unsatisfactory if we
want to apply tools for execution, analysis and verification of colored nets, since 
such tools rely on a finitary, formal specification. Although a formal inscription 
language can be obtained by a formalization of set theory, such an enterprise is 
cumbersome and is of little help when we are interested in effective net execution 
and analysis. Also, the direct use of formalized set theory for specification and 
verification purposes is not very convenient and could be compared with the use 
of a low-level programming language. 

Colored Petri nets, a more syntactic, finitary version of colored nets based on
an underlying programming language, are proposed in . A remarkable point
is that this definition leaves open the particular choice of the underlying
programming language. We use $\mathrm{CPN}_{\mathcal{L}}$ to abbreviate the class of
colored Petri nets over a programming language $\mathcal{L}$. A quite well known
instance of this definition is $\mathrm{CPN}_{ML}$, the class supported by the
execution and analysis tool Design/CPN m that employs the functional programming
language ML. Apart from their operational flavor, the essential characteristic of
colored Petri nets is that each colored Petri net denotes a single well-defined
colored net in the above sense. A more logic-oriented view of colored nets (which
emphasizes classes of models) is given by colored net specifications that are
introduced subsequently.

As a useful concept, we informally introduce colored net specifications (CNS)
which capture the essential idea shared by predicate/transition nets and
algebraic net specifications, namely, that they denote an entire class of colored
nets instead of just a single one. In fact, there is a general concept of CNSs
that is parameterized by an underlying logic. A logic has a deductive system and a
model-theoretic semantics, a concept that can be formalized by general logics
m which contain institutions as the model-theoretic component. We denote
by $\mathrm{CNS}_{\mathcal{L}}$ the class of colored net specifications over the
underlying logic $\mathcal{L}$. Possible candidates for $\mathcal{L}$ include
equational logics such as many-sorted equational logic (MSA), order-sorted
equational logic (OSA), or membership equational logic (MEL). We refer to CNSs over
such equational logics also as algebraic net specifications (ANS), and we denote by
$\mathrm{ANS}_{\mathcal{L}}$ the class of algebraic net specifications over
$\mathcal{L}$. Obviously, there are other possible choices for the underlying
logic, such as full first-order logic (as in predicate/transition nets), a version
of higher-order logic, or a higher-order algebraic specification language (as in PH).



4.2 Algebraic Net Specifications 

In the following we use the term algebraic net specification (ANS) to specifically
refer to ANSs over MEL, since MEL is sufficiently expressive to cover other
commonly used algebraic specification languages such as MSA and OSA |SI].
The use of MEL is particularly attractive, because it is weak enough to admit
initial models. Indeed, under the initial semantics (which can be internally
specified using constraints in the data subspecification) an ANS denotes a unique
CN. Another benefit of the use of membership equational logic is that, under
the restrictions mentioned in Section EH it comes with a natural operational
semantics (which is actually implemented in the Maude engine) so that it can
be used directly as a programming language or, more generally, as a metalanguage
to specify the logical and operational semantics of other specification or
programming languages. As a consequence, colored Petri nets in
$\mathrm{CPN}_{\mathcal{L}}$ which use $\mathcal{L}$ as a programming language can be
seen as a special case of algebraic net specifications in $\mathrm{ANS}_{MEL}$ if
the semantics of $\mathcal{L}$ can be specified in MEL.

Due to the fact that MEL generalizes MSA in an obvious way, ANSs over MEL 
are a straightforward generalization of ANSs over MSA, i.e., many-sorted alge- 
braic net specifications. Disregarding the issue of the underlying specification 
language, the definition we give below is equivalent to the one in @m3i,
generalizing m by so-called flexible arcs, which transport variable multisets of tokens
in the sense that the number of tokens transported by an arc is not fixed but 
can depend on the mode in which the associated transition occurs. Later, in 
Section 14.. 'tl we will illustrate by means of an example how an executable subset 
of the specification language can be used to obtain executable specifications of 
net models. 

An ANS presupposes an underlying specification that has a multiset kind for 
each place domain. Hence we introduce a generic notion of multiset specification 
first. 

Definition 21. A MES of finite multisets over a kind k consists of:

1. a MET having kinds k and [FMS_k] with operator symbols

empty_k : -> [FMS_k],
single : k -> [FMS_k],
__ : [FMS_k] [FMS_k] -> [FMS_k];

equational axioms

$\forall\, a, b, c$ : [FMS_k] . a (b c) = (a b) c,

$\forall\, a, b$ : [FMS_k] . a b = b a,

$\forall\, a$ : [FMS_k] . empty_k a = a;

2. and a constraint stating that this theory is free over k.

To simplify notation we write M instead of single(M). To further simplify
the exposition we assume without loss of generality that
$[\![ [\mathrm{FMS}_k] ]\!] = [\![ k ]\!]^{\oplus}$, i.e., [FMS_k] is interpreted in
the standard way, and the operator symbols are interpreted accordingly.

The subsequent definition of algebraic net specifications should be regarded as
an instance of CNSs over a logic $\mathcal{L}$ choosing MEL for $\mathcal{L}$. In
fact, the only requirements that $\mathcal{L}$ has to meet are that it has a notion
of type and that it is expressive enough to axiomatize multisets.



Mark-Oliver Stehr, Jose Meseguer, and Peter Csaba Olveczky



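Definition 22. An algebraic net specification (ANS) $\mathcal{N}$ consists of:

1. a MES $S_{\mathcal{N}}$;

2. a finite net $N_{\mathcal{N}}$;

3. a place declaration, i.e., a function
$D_{\mathcal{N}} : P_{\mathcal{N}} \to K_{S_{\mathcal{N}}}$ assigning a kind
$D_{\mathcal{N}}(p)$ to each place $p \in P_{\mathcal{N}}$ such that
$S_{\mathcal{N}}$ includes a MES of finite multisets over $D_{\mathcal{N}}(p)$;

4. a variable declaration, i.e., a function $V_{\mathcal{N}}$ on $T_{\mathcal{N}}$
associating to each transition $t \in T_{\mathcal{N}}$ a kinded variable set
$V_{\mathcal{N}}(t)$;

5. an arc inscription, i.e., a function $W_{\mathcal{N}}$ on $F_{\mathcal{N}}$ such
that for $p \in P_{\mathcal{N}}$, $t \in T_{\mathcal{N}}$,

(a) $(p,t) \in F_{\mathcal{N}}$ implies $W_{\mathcal{N}}(p,t) \in T_{S_{\mathcal{N}}}(V_{\mathcal{N}}(t))$ and

(b) $(t,p) \in F_{\mathcal{N}}$ implies $W_{\mathcal{N}}(t,p) \in T_{S_{\mathcal{N}}}(V_{\mathcal{N}}(t))$;

6. a guard definition, i.e., a function $G_{\mathcal{N}}$ on $T_{\mathcal{N}}$ with
$G_{\mathcal{N}}(t)$ being an $S_{\mathcal{N}}$-condition over $V_{\mathcal{N}}(t)$.

$W_{\mathcal{N}}$ is extended to a function on
$(P_{\mathcal{N}} \times T_{\mathcal{N}}) \cup (T_{\mathcal{N}} \times P_{\mathcal{N}})$
such that $(p,t) \notin F_{\mathcal{N}}$ implies
$W_{\mathcal{N}}(p,t) = \mathtt{empty}_{D_{\mathcal{N}}(p)}$ and
$(t,p) \notin F_{\mathcal{N}}$ implies
$W_{\mathcal{N}}(t,p) = \mathtt{empty}_{D_{\mathcal{N}}(p)}$
for $p \in P_{\mathcal{N}}$ and $t \in T_{\mathcal{N}}$.

Let $\mathcal{N}$ and $\mathcal{N}'$ be ANSs. An ANS morphism
$H : \mathcal{N} \to \mathcal{N}'$ consists of a MES morphism
$H_S : S_{\mathcal{N}} \to S_{\mathcal{N}'}$ of the underlying MESs, a net morphism
$H_N : N_{\mathcal{N}} \to N_{\mathcal{N}'}$, and a function
$H_V : V_{\mathcal{N}}(t) \to V_{\mathcal{N}'}(H_N(t))$ for each
$t \in T_{\mathcal{N}}$ such that $x \in V_{\mathcal{N}}(t)_k$ implies
$H_V(x) \in V_{\mathcal{N}'}(H_N(t))_{H_S(k)}$ for $k \in K_{S_{\mathcal{N}}}$ and the
following conditions are satisfied:

1. $H_S(D_{\mathcal{N}}(p)) = D_{\mathcal{N}'}(H_N(p))$ for each $p \in P_{\mathcal{N}}$;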

2. Sj,f> V ^ foA'(0 • Hg{Gj^{f)) ^ Gj^GHnG)) for each t G Tj^~, 

3. Sf,/> V ^ • H^{GM{t)) ^ 

W^fp', t') = H*{ Wm(pi, t))... H^{W^f{pn, t)) 
for all p' G P^f', t' G TaA', t G 
and {pi, . . . ,pn} = Hf^^(p') fl 't with distinct pp, 

4. Sjp> V ^ Vjpft) . Hs{Gjp{t)) 

W^ft', p') = Hf{ W^t, Pi)) ■ . . HfiWMt, Pn)) 
for all p' G Pjp', t' G Tjp>, t G Hi^\t'), 
and {pi, . . . ,pn} = Hf^^(p') fl t' with distinct pp 

where Aj : T5Af(foA(^)) ( Ev'(t)) is the common extension of Hs and 

Hy to terms. We assume for the above definition that validity |= has been 
extended to first-order formulae in the standard way. 

ANSs together with their morphisms form a category ANS. 

A typical ANS admits several colored nets as models. Since we want to state 
our results for an arbitrary but fixed model we also consider interpreted ANSs, 
i.e., ANSs together with distinguished data models. We furthermore equip inter- 
preted ANS with a notion of morphism that allows us to express simultaneous 
transformations at the level of the ANSs and at the level of the data models. 
Definition 23. An interpreted ANS $(\mathcal{N}, A)$ consists of an ANS $\mathcal{N}$ and
a $S_{\mathcal{N}}$-algebra $A$. An interpreted ANS morphism $(H,h) : (\mathcal{N},A) \to (\mathcal{N}',A')$
consists of an ANS morphism $H : \mathcal{N} \to \mathcal{N}'$ and an interpreted MES morphism
$(H_S, h) : (S_{\mathcal{N}}, A) \to (S_{\mathcal{N}'},A')$. Interpreted ANSs together with their morphisms
form a category IANS.

Interpreted ANSs are considerably richer than CNs, since they contain their 
specification together with a model equipped with a corresponding algebraic 
structure. In this sense they are similar to concrete predicate/transition nets 
and algebraic high-level nets |2S|- In fact, interpreted ANS, concrete 
predicate/transition nets |2I] and algebraic-high-level nets I2ni can be regarded 
as instances of a general notion of interpreted C7V5's0 The transition from inter- 
preted ANSs to CNs can be described by a forgetful functor as follows. 

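Definition 24. Given an interpreted ANS $(\mathcal{N},A)$, the CN semantics of $(\mathcal{N},A)$
is given by the CN $CN(\mathcal{N}, A)$ defined as follows:

1. the underlying net $N_{CN(\mathcal{N},A)}$ is precisely $N_{\mathcal{N}}$;

2. the color function $C_{CN(\mathcal{N},A)}$ is defined by
$C_{CN(\mathcal{N},A)}(p) = [\![D_{\mathcal{N}}(p)]\!]_A$ for $p \in P_{\mathcal{N}}$ and
$C_{CN(\mathcal{N},A)}(t) = B_{\mathcal{N},A}(t)$ for $t \in T_{\mathcal{N}}$,
where $B_{\mathcal{N},A}(t)$ is the set of valid bindings of $t \in T_{\mathcal{N}}$, i.e.,
the set of assignments $\beta : V_{\mathcal{N}}(t) \to A$ satisfying $G_{\mathcal{N}}(t)$;

3. the set of color sets $CS_{CN(\mathcal{N},A)}$ is the smallest set that
contains all $C_{CN(\mathcal{N},A)}(x)$ for $x \in P_{\mathcal{N}} \cup T_{\mathcal{N}}$; and

4. the arc inscription $W_{CN(\mathcal{N},A)}$ is defined by
$W_{CN(\mathcal{N},A)}(p,t)(\beta) = [\![W_{\mathcal{N}}(p,t)]\!]_{A,\beta}$ and
$W_{CN(\mathcal{N},A)}(t,p)(\beta) = [\![W_{\mathcal{N}}(t,p)]\!]_{A,\beta}$
for $p \in P_{\mathcal{N}}$, $t \in T_{\mathcal{N}}$ and assignments $\beta : V_{\mathcal{N}}(t) \to A$.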

CN is extended to a functor $CN : \mathbf{IANS} \to \mathbf{CN}$ that maps each morphism
$(H,h) : (\mathcal{N},A) \to (\mathcal{N}',A')$ to the morphism $G : CN(\mathcal{N}, A) \to CN(\mathcal{N}',A')$
satisfying G^ = H^i and G^ = hjAj^i^x) for ^ G Pn U TV. 

We lift the flattening functor (_)'^ : CN — PTN to interpreted ANS, denoting 
also by (_)*' : IANS -A PTN the composition o CN. Using flattening we 
furthermore lift BDP : PTN SMC by defining BDP : IANS SMC as 
BDPo (_)^ 

Footnote: To be precise, arc inscriptions have to be restricted, since flexible
arcs are not available in predicate/transition nets and algebraic high-level nets.

4.3 A Case Study

In the following we generalize the rewriting semantics from PTNs to ANSs.
Before dealing with the general case we try to convey the main ideas using
a distributed network algorithm as a running example, and we show how the
rewriting semantics is obtained in this particular but typical case.

An algorithm which admits a very natural presentation as an algebraic net spec- 
ification is the well-known echo algorithm, also called PIF algorithm (where PIF 
stands for propagation of information with feedback). The algebraic net model 
we use here has been developed and verified in m- 

Given a network of agents with bidirectional channels the echo problem can 
be informally described as follows. A distinguished agent initiates the transmis- 
sion of a piece of information which should be propagated (possibly using other 
agents) to all agents participating in the network. After that the initiator should 
receive feedback about the successful completion of this task, i.e., that each agent
has received the information transmitted. 

A possible solution to this problem is modeled by the algebraic net specification 
described below. To focus on the algorithm itself, the model abstracts from the 
concrete information that is transmitted. This information can be easily added 
by refining the messages without major changes to the algorithm. 

We assume that the agents can be distinguished in terms of their identifiers, 
which are modeled by a sort Id. The network of agents is represented as a 
directed multigraph, i.e., as a finite multiset of (directed) channels, where each 
channel is a pair of agent identifiers. In the specification fragment below, Pair
is the sort of pairs of identifiers and FMS-Pair is the sort of finite multisets over 
such pairs. Finite multisets are equationally axiomatized as discussed before. The 
obvious initiality and freeness constraints for Id, FMS-Id, Pair, and FMS-Pair 
can be specified using (parameterized) functional modules in Maude fl9ll8| . but 
for the sake of brevity we omit the details here. 



    sort Id FMS-Id Pair FMS-Pair .

    op (_,_) : Id Id -> Pair .

    op empty-Id : -> FMS-Id .
    op single : Id -> FMS-Id .
    op __ : FMS-Id FMS-Id -> FMS-Id [assoc comm id: empty-Id] .

    op empty-Pair : -> FMS-Pair .
    op single : Pair -> FMS-Pair .
    op __ : FMS-Pair FMS-Pair -> FMS-Pair [assoc comm id: empty-Pair] .

    var x y x' y' : Id .
    var fmsp fmsp' : FMS-Pair .
    var p p' : Pair .
To work with a concrete example we assume agent identifiers and a network
as specified below. Actually, the algorithm is parametric in the choice of agent
identifiers and in the network topology, the only assumptions being that there is
a distinguished initiator and that the network is a strongly connected network
with bidirectional channels. Again this parameterization could be made explicit
in Maude by viewing the entire specification as a parameterized module which
can be instantiated, for instance, by the following choices for Id and network:

    ops i a b c d e : -> Id .

    op sym : Id Id -> FMS-Pair .
    eq sym(x,y) = ((x,y) (y,x)) .

    op network : -> FMS-Pair .
    eq network = (sym(i,a) sym(i,b) sym(e,b) sym(e,d)
                  sym(c,d) sym(c,i) sym(c,a) sym(a,b)) .

Now we equationally specify three auxiliary functions operating on finite
multisets of pairs. The first one, written as an infix -, removes one occurrence
of a given pair from a multiset of pairs. The other functions out and in will be
used with network as a first argument: out(network,x) denotes the multiset of
messages to be sent to neighbours of x and, correspondingly, in(network,x)
denotes the multiset of messages to be received from neighbours of x.

    op _-_ : FMS-Pair Pair -> FMS-Pair .
    eq empty-Pair - p = empty-Pair .
    eq (p fmsp) - p = fmsp .
    ceq (p' fmsp) - p = (p' (fmsp - p)) if p =/= p' .

    op in : FMS-Pair Id -> FMS-Pair .
    eq in(empty-Pair,y') = empty-Pair .
    eq in(((x,y) fmsp),y) = ((x,y) in(fmsp,y)) .
    ceq in(((x,y) fmsp),y') = in(fmsp,y') if y =/= y' .

    op out : FMS-Pair Id -> FMS-Pair .
    eq out(empty-Pair,x') = empty-Pair .
    eq out(((x,y) fmsp),x) = ((x,y) out(fmsp,x)) .
    ceq out(((x,y) fmsp),x') = out(fmsp,x') if x =/= x' .

Footnote: If we were interested in (abstract) formal verification rather than
(concrete) execution we would leave open the interpretation of Id and network
and in this way obtain an ANS admitting a rich variety of quite different models.

This concludes the MES. We are now ready to define the ANS on top of it.
Its inscribed net is depicted in Fig. 0 In the center we have a message pool
MESSAGES modeling messages in transit. The net elements at the top model the
activity of the initiating agent i, which is initially in a state QUIET, whereas
the net elements at the bottom model the activities of all the remaining agents
which are initially UNINFORMED. More precisely, the activities of initiators and
non-initiators are the following:



— After the initiator i sends out a message to all its neighbours (transition 
ISEND) it will remain in the WAITING state until it receives an acknowl- 
edgement message from all its neighbours. If this happens, it will go into 
the TERMINATED state (transition IRECEIVE), i.e., the initiator has locally 
detected that all agents have received a message. 

— After a non-initiator x receives a message from an agent y, it sends messages 
to all its neighbours except for y (transition SEND), and goes into a PENDING 
state, where it remembers that it is pending after receiving a message from 
y. As soon as it receives acknowledgement messages from all neighbours except
for y it goes into the ACCEPTED state (transition RECEIVE). 




The initial marking specification $m_0$ for our concrete choice of the network is
given by the terms inside places. It is

    $m_0$(QUIET) = i                  $m_0$(UNINFORMED) = a b c d e
    $m_0$(WAITING) = empty-Id         $m_0$(PENDING) = empty-Pair
    $m_0$(TERMINATED) = empty-Id      $m_0$(ACCEPTED) = empty-Id

In Section 01 we have already discussed a rewriting semantics for the PTN of 
the banker’s problem. Using the echo algorithm we will demonstrate how the 
rewriting semantics generalizes to ANSs. It is worth mentioning that our seman- 
tics is designed to cope with flexible arcs as the ones connected with the place 
MESSAGES in the echo algorithm. 
The rewriting semantics associated to a RWS extends but does not modify the
underlying MES of the net, the advantage being that properties established for
the equational logic specification are preserved and their proofs remain valid.

As in the PTN case we represent a marking as an element of the kind [Marking],
which is equipped with a monoidal structure via the operations empty and __.

For each place p we have a token constructor, also written as p, representing
the fact that a single token resides in place p. A difference with respect to the
PTN rewriting semantics is that tokens carry data, which is reflected in the fact
that token constructors are functions instead of being constants. For instance, a
token MESSAGES(msg) represents a token carrying the data msg residing in the
place MESSAGES. So the token constructor can be seen as a function tagging a
data object with information about the place in which it is currently located.



    sort Marking .

    op empty : -> Marking .
    op __ : Marking Marking -> Marking [assoc comm id: empty] .

    ops MESSAGES PENDING : Pair -> Marking .
    ops QUIET WAITING TERMINATED UNINFORMED ACCEPTED : Id -> Marking .

When formulating the transition rule for ISEND we are faced with the problem of
how to translate the flexible arc between ISEND and MESSAGES appropriately. Of
course we would like to express that the multiset out(network,x) is added to the
place MESSAGES, but this presupposes an interpretation of places as containers of
objects which is different from our current one, where tokens are tagged objects
“mixed up in a soup together with other tokens.”

An elegant solution is the linear extension of MESSAGES to multisets. For this 
purpose we generalize the token constructor MESSAGES which has been declared 
above to 

    op MESSAGES : FMS-Pair -> Marking .

and we add two equations expressing linearity of MESSAGES, which will also be 
called place linearity equations: 

    seq MESSAGES(empty-Pair) = empty .
    seq MESSAGES(fmsp fmsp') = MESSAGES(fmsp) MESSAGES(fmsp') .

The place linearity equations express the equivalence of different ways of look- 
ing at the same marking of an ANS. So, as indicated by the keyword seq, from 
a high-level specification point of view it is reasonable to assign them to the 
class of structural equations expressing symmetries of the state representation. 
For reasons of uniformity we generalize the remaining token constructors
correspondingly and we impose corresponding place linearity equations that we
omit here.

Now the translation of transitions into rewrite rules can be done in full analogy
with the rewriting semantics for PTN. Each transition is represented as a rewrite
rule, also called a transition rule, replacing its preset marking by its postset
marking. If the transition has a guard, then that guard becomes a condition of
the rewrite rule. In this way we obtain the following rules:


    rl [ISEND] : QUIET(x) =>
                 WAITING(x) MESSAGES(out(network,x)) .

    rl [IRECEIVE] : WAITING(x) MESSAGES(in(network,x)) =>
                    TERMINATED(x) .

    rl [SEND] : UNINFORMED(x) MESSAGES((y,x)) =>
                PENDING((x,y)) MESSAGES(out(network,x) - (x,y)) .

    rl [RECEIVE] : PENDING((x,y)) MESSAGES(in(network,x) - (y,x)) =>
                   ACCEPTED(x) MESSAGES((x,y)) .



According to our initial explanation a place can be seen as the tag of an object 
which indicates the place the token resides in. This is what we call the tagged- 
object view. The place linearity equations suggest a complementary view which is 
encountered more often in the context of Petri nets: a place is simply a container 
of objects. We call this the place-as-container view. The place linearity equations 
express our intention to consider both views as equivalent. 
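
The token game for the four transition rules above, as an added Python example (not code from the chapter): a marking is one multiset per place, which is the place-as-container view, and a rule instance is enabled when its whole preset, flexible arc inscription included, is a sub-multiset of the marking. The helper names (`instances`, `enabled`, `fire`, `run`, `tok`, `minus`, `in_`) are assumptions of this example; the network and the initial marking are the ones given in the text.

```python
import random
from collections import Counter

def sym(x, y):
    """eq sym(x,y) = ((x,y) (y,x)): one bidirectional channel."""
    return Counter([(x, y), (y, x)])

# The network of the text: a finite multiset of directed channels (pairs of ids).
NETWORK = sum((sym(x, y) for x, y in [("i", "a"), ("i", "b"), ("e", "b"), ("e", "d"),
                                      ("c", "d"), ("c", "i"), ("c", "a"), ("a", "b")]),
              Counter())

def out(net, x):
    """Messages x sends to its neighbours: all pairs (x, _)."""
    return Counter({p: n for p, n in net.items() if p[0] == x})

def in_(net, x):
    """Messages x receives from its neighbours: all pairs (_, x)."""
    return Counter({p: n for p, n in net.items() if p[1] == x})

def minus(fms, p):
    """The infix '-' of the text: remove one occurrence of p if there is one."""
    return fms - Counter([p])

def tok(value):
    """A multiset holding a single token."""
    return Counter([value])

PLACES = ("QUIET", "WAITING", "TERMINATED", "UNINFORMED", "PENDING", "ACCEPTED", "MESSAGES")

def initial_marking():
    m = {place: Counter() for place in PLACES}
    m["QUIET"] = tok("i")
    m["UNINFORMED"] = Counter("abcde")
    return m

def instances(m):
    """Candidate rule instances (label, preset, postset) for the bindings m suggests."""
    for x in m["QUIET"]:
        yield ("ISEND", {"QUIET": tok(x)},
               {"WAITING": tok(x), "MESSAGES": out(NETWORK, x)})
    for x in m["WAITING"]:
        yield ("IRECEIVE", {"WAITING": tok(x), "MESSAGES": in_(NETWORK, x)},
               {"TERMINATED": tok(x)})
    for (y, x) in m["MESSAGES"]:
        if m["UNINFORMED"][x]:
            yield ("SEND", {"UNINFORMED": tok(x), "MESSAGES": tok((y, x))},
                   {"PENDING": tok((x, y)),
                    "MESSAGES": minus(out(NETWORK, x), (x, y))})
    for (x, y) in m["PENDING"]:
        yield ("RECEIVE", {"PENDING": tok((x, y)),
                           "MESSAGES": minus(in_(NETWORK, x), (y, x))},
               {"ACCEPTED": tok(x), "MESSAGES": tok((x, y))})

def enabled(m, pre):
    """A flexible arc consumes a whole multiset: the preset must be a sub-multiset."""
    return all(m[place][t] >= n for place, fms in pre.items() for t, n in fms.items())

def fire(m, pre, post):
    """Replace the preset marking by the postset marking, place by place."""
    new = dict(m)
    for place in set(pre) | set(post):
        new[place] = m[place] - pre.get(place, Counter()) + post.get(place, Counter())
    return new

def run(seed):
    """Fire randomly chosen enabled instances until none is left.
    Returns the final marking and the trace [(label, marking before firing), ...]."""
    rng = random.Random(seed)
    m, trace = initial_marking(), []
    while True:
        steps = [s for s in instances(m) if enabled(m, s[1])]
        if not steps:
            return m, trace
        label, pre, post = rng.choice(steps)
        trace.append((label, m))
        m = fire(m, pre, post)

if __name__ == "__main__":
    final, trace = run(seed=1)
    print(" ".join(label for label, _ in trace))
    print({place: sorted(fms.elements()) for place, fms in final.items() if fms})
```

Whatever interleaving the random choice produces, IRECEIVE can only fire once every other agent is in ACCEPTED, which is the feedback property the echo algorithm is meant to guarantee.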



4.4 Rewriting Semantics in the General Case 

Generalizing the above example, we now define for an arbitrary ANS its associ- 
ated rewriting semantics. We also show in which sense the rewriting semantics 
is equivalent to the Best-Devillers process semantics of ANSs, which we have 
defined by lifting the Best-Devillers process semantics of PTNs to ANSs via the 
flattening construction. First we generalize symmetric monoidal RWSs (SMR- 
WSs) to extended symmetric monoidal RWSs (ESMRWSs), which will serve as a 
suitable domain for the rewriting semantics. Notice that in ESMRWSs the data 
subspecification is not required to be empty. A second difference w.r.t. SMRWSs 
is that token constructors are extended to multisets and place linearity equations 
are added. 

Definition 25. A RWS $\mathcal{R}$ is an extended symmetric monoidal RWS (ESMRWS)
iff the following conditions are satisfied:

1. Stz extends 5.^ precisely by: 
(a) a new kind [Marking] and new operator symbols

empty : [Marking], __ : [Marking] [Marking] $\to$ [Marking];

(b) any number of new operator symbols of the general form

$p : [FMS_k] \to$ [Marking],

where $k$ is a kind in such that

includes a MES of finite multisets over $k$;

(c) the axioms for parallel composition

$\forall u,v,w$ : [Marking] . $u\,(v\,w) = (u\,v)\,w$,
$\forall u,v$ : [Marking] . $u\,v = v\,u$,
$\forall u$ : [Marking] . $\mathit{empty}\ u = u$; and

(d) the place linearity equations

$p(\mathit{empty}_k) = \mathit{empty}$,
$\forall a,b : [FMS_k]$ . $p(a\,b) = p(a)\,p(b)$

for each operator $p : [FMS_k] \to$ [Marking] introduced above.

2. Rules in R-ji contain only variables with kinds in S-j^ and have 5.^-conditions. 

Given two ESMRWSs $\mathcal{R}$ and $\mathcal{R}'$, an ESMRWS morphism $H : \mathcal{R} \to \mathcal{R}'$ is a RWS
morphism that preserves [Marking], empty and __. ESMRWSs together with
their morphisms form a subcategory of RWS that is denoted by ESMRWS.



Definition 26. The membership equational presentation of an ESMRWS $\mathcal{R}$ is a
MES $E(\mathcal{R})$ that extends $S_{\mathcal{R}}$, the underlying MES of $\mathcal{R}$, as explained in Definition
II HI but modifying items 2 and 4 we have: 

2. a new operator symbol called atomic proof constructor

$t : k \to$ [RawProc],

4. a membership axiom

$\forall X \,.\, t(x) : M \to N$ if $\phi_1 \wedge \ldots \wedge \phi_n$

for each rule $\forall X \,.\, t : M \to N$ if $\phi_1 \wedge \ldots \wedge \phi_n$ in $R_{\mathcal{R}}$, assuming that $x : k$ is
a canonical enumeration of the variables $X$.

As in Definition ITCl E can be extended to a functor E : ESMRWS — >■ MES in 
the obvious way. 
Definition 27. An interpreted ESMRWS (72., A) consists of an ESMRWS 72 
and a 5.^-model A. An interpreted ESMRWS morphism (H,h) : (72, A) — >■ 
(72', A') consists of an ESMRWS morphism H : 72 — )■ 72' and an interpreted 
MES morphism (Hjj,h) : (S^,A) — )> (S^,,A'). Interpreted ESMRWSs together 
with their morphisms form a category lESMRWS. 



Definition 28. For an interpreted ESMRWS (72, A) we define Mod(72, A) as 
the subcategory of Mod(72) (i.e. Mod(E(72))), with objects being 72-algebras 
(i.e. E(72)-algebras) A satisfying A\S-jl = A. In fact, this gives rise to a functor 
Mod : lESMRWS — >■ Cat°f’, and again we write \J h for Mod(77) given a 
ESMRWS morphism 77. 



Lemma 1 (Protection Lemma). 

Let (72, A) be an interpreted ESMRWS and consider the obvious inclusion K : 
^ E(72). Then ??ic(A) : A — >• Uif(Fx(A)) is an isomorphism. 

To simplify the exposition assume that the free functor F k has been defined in 
such a way that ?y_ff(A) becomes the identity and therefore Ux (Fif (A)) = A for 
all (72, A) and K as above. The protection lemma ensures that this is possible 
without loss of generality. 
Fig. 4. Morphisms in Definition E3 



Definition 29. Let A(Mod) be the Grothendieck construction for the functor 
Mod : lESMRWS ^ Cat°P and let ttj : A(Mod) ^ lESMRWS be the 
obvious projection functor that sends ((72, A), A) to (72, A). Furthermore, let 
(72, A) and (72', A') be interpreted ESMRWSs and let K : ^ E(72) and K' : 

S-j^, ^ E(72') be the obvious inclusions (cf. Fig. EJ. We then define F(72, A) 
as Fif(A) and SF(72, A) as ((72, A),F(72, A)). Given an interpreted ESMRWS 
morphism (77, h) : (72, A) — )> (72', A') with 77 : 72 — ?► 72' and h : A ^ IJ He,{A') we 
define SF(77,/i) as the morphism ((77, /i), F(77) oF i({h)) : ((72, A), F;<- (A)) —>• 
((72',A'),Fif/(A')) where Fx(/i) : Fk(A) ^ F^(Ui/^(A')) and F(77) is the 
unique morphism F(77) : Fiy(Uif^(A')) — >• 15 h(F k’{A')) guaranteed by the fact 
that Fx(Uif^(A')) and Uif(Fx'(A')) are objects in Mod(72, U//^(A')), since 
using LemmalHwe find Ui<-(Fif (^'))) = and Uif(Uff (F k'(^'))) 

= U//^(Uif/(Fx'(^0)) = and by the fact that Y k{\^ Hd{^')) is initial. 

In this way we have defined a functor SF : lESMRWS — ?> if (Mod) that is left 
adjoint to tti. 

Furthermore, let V : if(Mod) — SMC be the forgetful functor, which sends 
((7?.,^),^) to a SMC, defined as in Def. fTTl 



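Definition 30. Given an ANS $\mathcal{N}$, the rewriting semantics of $\mathcal{N}$ is the smallest
ESMRWS $R(\mathcal{N})$ with an underlying data specification such that:

1. $S_{R(\mathcal{N})}$ contains a token constructor

$p : [FMS_{D_{\mathcal{N}}(p)}] \to$ [Marking]
for each place $p \in P_{\mathcal{N}}$; and

2. $R(\mathcal{N})$ has a label $t$ and a rule called transition rule, namely,

$\forall V_{\mathcal{N}}(t) \,.\, t : (p_1(W_{\mathcal{N}}(p_1,t)) \ldots p_m(W_{\mathcal{N}}(p_m,t))) \to$

$(p_1(W_{\mathcal{N}}(t,p_1)) \ldots p_m(W_{\mathcal{N}}(t,p_m)))$ if $G_{\mathcal{N}}(t)$
for each transition $t \in T_{\mathcal{N}}$, assuming $P_{\mathcal{N}} = \{p_1, \ldots, p_m\}$ with distinct $p_i$.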

R can be extended to a functor R : ANS — ^ ESMRWS that maps each ANS 
morphism H : J\f ^ J\f to the unique ESMRWS morphism G : R(A/’) — )> R(A/’') 
with Gs{p) = Hff(p) for each p £ Pj^ and Gi(t) = Hf^{t) for each t G T_a/. 

The functor R : ANS $\to$ ESMRWS is naturally extended to a functor R :
IANS $\to$ IESMRWS sending each interpreted ANS $(\mathcal{N}, A)$ to the interpreted
ESMRWS $(R(\mathcal{N}),A)$. Furthermore, R sends each interpreted ANS morphism
$(H,h) : (\mathcal{N},A) \to (\mathcal{N}',A')$ to the interpreted ESMRWS morphism
$(R(H),h) : R(\mathcal{N},A) \to R(\mathcal{N}',A')$.



Definition 31. Given an interpreted ESMRWS (72., A) we define the flattening 
of (72, A) as the smallest SMRWS (72, A)^ satisfying the following conditions: 

1. For each operator p : [FMSfc] — [Marking] in Sn and for each a £ |fc]^ 
there is a constant : — >■ [Marking] in 5^.^ 

2. For each rule V A . t : M — ?> N if A ... A in R-ji and for each 
assignment (i : X ^ A with A, ^ A . . . A we define functions a and 
(Tp for each operator p as above by 

o'(empty) = empty, a{p{M)) = crp(|M]A./3)), <j{M N) = a{M) a{N), 
o'pd-KIsingleKai), . . . , |single](a™))) = 
(!__] is naturally extended to an arbitrary number of arguments) 
and we have a rule 

: cr(M) ^ a{N) 

to assuming that a; : fc is a canonical enumeration of X . 

(_)^ is extended to a functor (_)^ : lESMRWS ^ SMRWS as follows: (_)^ 
sends each interpreted ESMRWS morphism {H , h) : {TZ,A) — >■ {JV ,A') with H : 
TZ ^ TZ' and h : A ^ \Jh^{A') to a SMRWS morphism {H,hf : (7?.,^)^ — >■ 
{TZ'.A'i’ defined such that {H ,h)\p^) = and (H,h)\f^) = 

for a = P(x) and all p, t, a, /3, x as above. 

The theorem and the corollary below are stated in complete analogy to the 
corresponding results for PTNs. Indeed the former results can be seen as special 
cases of the latter via an inclusion l : PTN — >■ ANS which is the counterpart of 
L : PTN — CN on the specification level. However, for the proof we exploit the 
opposite direction, namely that TheoremElcan be reduced to TheoremQvia the 
flattening constructions introduced earlier. This can be done by a combination 
of commutative diagrams using the following two lemmas. 

The first lemma essentially states that the rewriting semantics is compatible 
with flattening. Notice the overloading of R and (_)^ 

Lemma 2. There is a natural isomorphism cr : (_)^oR— :>Ro(_)^ between the 
functors (-)^ o R : IANS ^ SMRWS (with R : IANS ^ lESMRWS and 
(_)^ : lESMRWS ^ SMRWS) and Ro (_)^ : IANS SMRWS (with (_)^ : 
IANS PTN and R : PTN ^ SMRWS). 

The second lemma expresses that flattening preserves models at the level of 
abstraction given by SMCs. 



Lemma 3. There is a natural isomorphism p : V o SF — )> V o El o (_)*’ between 
the functors V o SF : lESMRWS ^ SMC and V o El o (_)^ lESMRWS ^ 
SMC (with (_)^ : lESMRWS ^ SMRWS and V o El : SMRWS ^ SMC). 

Now the main result follows from Lemma El Lemma El and Theorem Q 

Theorem 2. There is a natural isomorphism r : BDP — )> V o EF o R between 
the functors BDP : IANS ^ SMC and V o EF o R : IANS -> SMC (with 

R : IANS ^ lESMRWS and V o EF : lESMRWS ^ SMC). 



Proof By composition of natural isomorphisms (see Fig. ED . 



□ 
Fig. 5. Proof of Theorem 



In analogy to Corollary Q] we obtain: 

Corollary 2. The interpreted RWS $R(\mathcal{N}, A)$ provides a sound and complete
axiomatization of the Best-Devillers processes of the interpreted ANS $(\mathcal{N}, A)$.

Remember that the models we consider here do not only contain Best-Devillers 
processes. They also contain safe processes as an important special case. Safe 
processes are not only a special case of the classical notion of process in Petri 
net theory, but they seem to be sufficient in practice as witnessed by which 
presents a methodology for modeling and verification of distributed algorithms 
based on a version of ANSs that only admits safe processes. 

Another related issue, namely the gap between the individual token philosophy 
and the collective token philosophy which clearly exists at the level of PTNs 
seems to become less relevant at the level of CNs, because of the increase of 
expressivity. We argue that interpreting CNs under the collective token philos- 
ophy is not only simpler and less dependent on the structure of the state space 
but also sufficient in principle, since by a suitable transformation of the CN we 
can equip tokens with unique identities in such a way that each original process 
corresponds to a safe process of the resulting CN0 As we discussed earlier, in- 
dividual and collective token philosophies coincide for safe processes. Non-safe 

One policy to maintain unique identities is to encode the local history, i.e. the in- 
formation about all events in the past cone of a token, in the identity of the token 
itself, and to ensure locally that the identities of the tokens produced by a transition 
are distinct. Of course, it is easy to imagine interesting classes of nets, e.g. object- 
oriented versions of high-level nets, where tokens are already equipped with unique 
identities so that this transformation is not needed at all. 
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processes of the resulting CN are not considered any more. In this sense, the 
individual token philosophy can be seen as a special case of the collective token 
philosophy. Beyond that it may well be adequate for certain applications to mix 
the individual and the collective token views in the same system model, and 
indeed this is possible with the approach that we propose, namely by adopting 
the collective token semantics as a framework semantics and equipping tokens 
with additional identity attributes whenever needed for modeling purposes. In- 
deed this view reveals that individual and collective tokens semantics are just 
two extreme levels of abstraction and there are many intermediate levels that 
can be covered in this way. A good example of a very similar experience giving 
support to this point of view is the work |S2| on a partial order semantics for 
object-oriented systems that, although typical of the individual token philoso- 
phy, is shown to be isomorphic to the rewriting semantics typical of the collective 
token philosophy, thanks to the unique identities of objects and messages. 



4.5 Execution of Algebraic Net Specifications 

First of all we lift the notion of executability from rewriting logic to net
specifications. We say that a net specification is weakly/strongly executable iff its
rewriting semantics is weakly/strongly executable. To actually execute a specifi- 
cation it is necessary to have an implementation of a matching algorithm for all 
combinations of structural equations used in the specification. A typical rewrite 
engine such as Maude supports matching modulo all combinations of the laws of 
associativity, commutativity and identity (ACU) [I Dl l 8j . Since the place linear- 
ity equations belong to a class of equations that are typically not supported by 
standard rewrite engines we distinguish in the following between direct execu- 
tion using ACUL-matching (L stands for linearity) and an alternative approach, 
namely execution via ACU-matching, which makes use of a simple semantics- 
preserving translation that can achieve executability without structural linearity 
equations. 



Direct Execution via ACUL-Matching. It is easy to verify that the underlying
MES in our example is already in executable form when the place linearity
equations are seen as structural equations. Still the rewriting specification is not 
coherent and, as a consequence, the net specification is not executable as given. 

A subterm of the form in(network,x) which occurs in the left-hand side of
the rewrite axiom IRECEIVE can be reduced using the equations for in, so that
the rewrite axiom is not applicable anymore. An obvious solution is to replace
the arc inscription in(network,x) of the transition IRECEIVE by a variable
fmsmsg and to add the guard fmsmsg == in(network,x) to this transition. A
corresponding modification of the net specification has to be carried out for the
transition RECEIVE. In the rewriting semantics these changes are reflected by the
modified rewrite rules given below.
    var fmsmsg : FMS-Message .

    crl [IRECEIVE] : WAITING(x) MESSAGES(fmsmsg) =>
                     TERMINATED(x)
                     if fmsmsg == in(network,x) .

    crl [RECEIVE] : PENDING((x,y)) MESSAGES(fmsmsg) =>
                    ACCEPTED(x) MESSAGES((x,y))
                    if fmsmsg == in(network,x) - (y,x) .



After this simple semantics-preserving transformation the rewrite specification 
is indeed coherent and therefore strongly executable. To execute the RWS it 
is sufficient to use rewriting modulo associativity, commutativity, identity and 
linearity for the representation of markings. 



Execution Using ACU-Matching. We show in the following that, given 
an executable ANS such as the one we have just obtained, there is an alter- 
native approach to net execution by regarding the place linearity equations as 
computational equations instead of as structural equations. Of course, from the 
viewpoint of the abstract algebraic semantics nothing will change. An immedi- 
ate consequence is, however, that the net specification can be executed using a 
standard rewriting engine such as Maude, without the need for a new matching 
algorithm. 

The first step is to regard the place linearity equations as reduction rules, i.e.. 



    eq MESSAGES(empty-Pair) = empty .

    ceq MESSAGES(fmsp fmsp') = (MESSAGES(fmsp) MESSAGES(fmsp'))
        if fmsp =/= empty-Pair and fmsp' =/= empty-Pair .

After applying this modification to all place linearity equations the reduction 
rules are terminating (the condition avoids potential non-terminating computa- 
tions) and confluent, yielding an executable equational part of the specification. 

However, as a consequence of the use of place-linearity equations as reduction
rules instead of as structural equations, the rewrite specification is not coherent
anymore, because of the rules for IRECEIVE and RECEIVE and the new equations
above. Again, we can carry out a simple semantics-preserving translation
by introducing a variable mmsg ranging over markings containing only tokens on
MESSAGES and satisfying the equality condition mmsg == MESSAGES(fmsmsg).
By introducing the inverse inv-MESSAGES of MESSAGES this condition becomes
inv-MESSAGES(mmsg) == fmsmsg. Therefore, inv-MESSAGES(mmsg) gives us access
to the flexible arc inscription fmsmsg. As a result we replace these two rules
by the following, which make the specification coherent and, hence, strongly
executable:
    sorts empty MESSAGES-Marking Marking .
    subsorts empty < MESSAGES-Marking < Marking .

    vars mmsg mmsg' : MESSAGES-Marking .

    op empty : -> empty .

    op __ : Marking Marking -> Marking
        [assoc comm id: empty] .
    op __ : MESSAGES-Marking MESSAGES-Marking -> MESSAGES-Marking
        [assoc comm id: empty] .
    op __ : empty empty -> empty
        [assoc comm id: empty] .

    op MESSAGES : FMS-Pair -> MESSAGES-Marking .

    op inv-MESSAGES : MESSAGES-Marking -> FMS-Pair .
    eq inv-MESSAGES(empty) = empty-Pair .
    eq inv-MESSAGES(MESSAGES(fmsp)) = fmsp .
    ceq inv-MESSAGES(mmsg mmsg') =
        (inv-MESSAGES(mmsg) inv-MESSAGES(mmsg'))
        if mmsg =/= empty and mmsg' =/= empty .

    crl [IRECEIVE] : WAITING(x) mmsg =>
                     TERMINATED(x)
                     if inv-MESSAGES(mmsg) == in(network,x) .

    crl [RECEIVE] : PENDING((x,y)) mmsg =>
                    ACCEPTED(x) MESSAGES((x,y))
                    if inv-MESSAGES(mmsg) == in(network,x) - (y,x) .

It should be clear from this example how the general translation works. It takes 
the form of a conservative theory transformation from the original RWS of an 
ANS executable by ACUL matching to a logically equivalent RWS executable 
by ACU matching. The transformation can be applied to any executable ANS 
satisfying the mild condition that flexible arcs are inscribed by variables, as it is 
the case in the executable version of the echo algorithm.

Even though the resulting RWS is strongly executable, a strategy to execute the 
specification or to partially explore the state space can be useful, because of the 
highly nondeterministic nature of the algorithm. A strategy of this kind can be
seen as restricting the possible rewrites leading to a subcategory of the original 
category of all rewrites. If the RWS is only weakly executable, as in the example 
discussed in m, the strategy can play an additional role, namely to find suitable 
instantiations for the variables that cannot be determined by matching. 

Footnote: A more general transformation is possible if we use conditions with
matching equations, a feature supported by the most recent version of Maude 1213.
5 Timed Petri Nets 

This section illustrates how an important class of timed Petri nets can be given 
a rewriting logic semantics. Petri nets have been extended to model real-time 
systems in different ways (see e. g. IllShUtil l. Three of the most frequently used 
time extensions are the following m, from which other timed versions of Petri 
nets can be obtained either as special cases or by combining the extensions: 

1. Each transition $t$ has an associated time interval $[l_t, u_t]$. A transition fires as
soon as it can, but the resulting tokens are delayed, that is, when a transition
$t$ fires, the resulting tokens are produced after some time delay $r \in [l_t, u_t]$.

2. Each place $p$ has a duration $d_p$. A token at place $p$ cannot participate in a
transition until it has been at $p$ for at least time $d_p$.

3. Each transition $t$ is associated with a time interval $[l_t, u_t]$, and the transition
$t$ cannot fire before it has been continuously enabled for at least time $l_t$.
Also, the transition $t$ cannot have been enabled continuously for more than
time $u_t$ without being taken.

We will not treat the third case in this paper. We will instead cover the first 
two cases as special cases of the interval timed colored Petri net (ITCPN) model 
proposed by van der Aalst p. ITCPNs appear in the context of colored nets, 
but to simplify the exposition and focus on real-time features, we abstract from 
the colors of the tokens and instead have atomic tokens (with timestamps). 



5.1 Interval Timed Petri Nets 

We define a new model called interval timed Petri nets (ITPNs). Our model is 
similar to the interval timed colored Petri net model proposed in P^, but with 
two differences: (1) ITPNs ignore the coloring of the tokens, and (2) ITPNs have 
a notion of concurrent firing of multisets of transitions. 

An ITPN is a PTN where the outgoing arcs are inscribed by time intervals
denoting the range of possible firing delays of the produced tokens. The set $TI$
of all time intervals, in a time domain $Time$, is the set
$TI = \{ [r_1, r_2] \mid r_1, r_2 \in Time \land r_1 \le r_2 \}$.

Definition 1. An interval timed Petri net (ITPN) $\mathcal{N}$ is a PTN together with a
delay inscription $D_\mathcal{N} : F_\mathcal{N} \cap (T_\mathcal{N} \times P_\mathcal{N}) \to TI^\oplus$ verifying $|D_\mathcal{N}(t,p)| = W_\mathcal{N}(t,p)$.
The preset function $\partial_0 : T_\mathcal{N} \to P_\mathcal{N}^\oplus$ is defined, as for PTNs, by $\partial_0(t)(p) = W_\mathcal{N}(p,t)$,
and the postset function $\partial_1^* : T_\mathcal{N} \to (P_\mathcal{N} \times TI)^\oplus$, where each resulting
token is equipped with its delay interval, is defined by $\partial_1^*(t)(p, A) = D_\mathcal{N}(t,p)(A)$.

The ITPN in Fig. 6 models a setting where each process performs transition a,
followed by transition b within time 5 to 10, again followed by transition a time
4 to 8 thereafter, and so on. Furthermore, each process forks when performing
transition a (this is modeled by having two arcs from a to q).

Fig. 6. An interval timed Petri net.



In the ITPN model, as in the ITCPN model, we attach a timestamp to each 
token. This timestamp indicates the time when a token becomes available. The 
enabling time of a transition is the maximum timestamp of the tokens to be con- 
sumed. Transitions are eager to fire (i.e., they fire as soon as possible), therefore 
the transition with the smallest enabling time will fire first. Firing is an atomic 
action, producing tokens with a timestamp equal to the firing time plus some 
firing delay specified by the delay inscription. 

In the following, let $\mathcal{N}$ be an ITPN. The set of markings $M_\mathcal{N} = (P_\mathcal{N} \times Time)^\oplus$ is
the set of all finite multisets of pairs $(p, r)$ representing the presence of a token at
place $p$ with timestamp $r$. The function $places : M_\mathcal{N} \to P_\mathcal{N}^\oplus$ which removes the
timestamps from a marking is defined by $places(m)(p) = \sum_{(p,r) \in S(m)} m(p,r)$.
The function $max : (M_\mathcal{N} - \{\emptyset\}) \to Time$ which finds the maximal timestamp
in a non-empty marking is given by $max(m) = \max\{r \in Time \mid \exists p .\ (p,r) \in m\}$.
The earliest enabling time of any transition in a marking is given by a function
$EET : M_\mathcal{N} \to Time \cup \{\infty\}$ defined by
$EET(m) = \min\{max(m') \mid \exists t \in T_\mathcal{N}, m' \in M_\mathcal{N} .\ m' \subseteq m \land places(m') = \partial_0(t)\}$
with $\min(\emptyset) = \infty$. The function
$+ : (P_\mathcal{N} \times TI)^\oplus \times Time \to (P_\mathcal{N} \times TI)^\oplus$ adds a delay to all the intervals in a
multiset and is defined by $(m+r)(p, [r_1 + r, r_2 + r]) = \sum_{(p,[r_1,r_2]) \in S(m)} m(p, [r_1, r_2])$,
and $(m+r)(p, [r', r'']) = 0$ if $r' < r$. Finally, to relate multisets of tokens with
timestamps with multisets of tokens with time intervals, we define the specialization
relation $\lhd \subseteq (P_\mathcal{N} \times Time)^\oplus \times (P_\mathcal{N} \times TI)^\oplus$, where $m \lhd m'$ holds if and
only if each token in $m$ corresponds to one token in $m'$, such that they are in
the same place and the timestamp of the token in $m$ is in the interval of the
corresponding token in $m'$. That is, $m \lhd m'$ if and only if either $(m = \emptyset \land m' = \emptyset)$
or $\exists (p, r) \in m, (p, [r_1, r_2]) \in m' .\ r_1 \le r \le r_2 \land (m - (p, r)) \lhd (m' - (p, [r_1, r_2]))$.

An ITPN makes computational progress by applying transitions, thereby consuming
and producing multisets of timestamped tokens. A nonempty finite multiset
of transitions firing at the same time constitutes a (concurrent) step. The
(concurrent) step semantics of an ITPN $\mathcal{N}$ is given by the labelled transition
system which has $M_\mathcal{N}$ as states, $ST_\mathcal{N} = T_\mathcal{N}^\oplus - \{\emptyset\}$ as steps, and where the
transition relation $\to \subseteq M_\mathcal{N} \times ST_\mathcal{N} \times M_\mathcal{N}$ is defined inductively by the following
rules:

$$\frac{places(m) = \partial_0(t) \qquad max(m) = EET(m) \qquad m' \lhd \partial_1^*(t) + EET(m)}{m \xrightarrow{t} m'}$$

$$\frac{m \xrightarrow{e} m' \qquad m'' \in M_\mathcal{N} \qquad EET(m \oplus m'') = EET(m)}{(m \oplus m'') \xrightarrow{e} (m' \oplus m'')}$$

$$\frac{m_1 \xrightarrow{e_1} m_1' \qquad m_2 \xrightarrow{e_2} m_2' \qquad EET(m_1 \oplus m_2) = EET(m_1) = EET(m_2)}{(m_1 \oplus m_2) \xrightarrow{e_1 \oplus e_2} (m_1' \oplus m_2')}$$

A step sequence in $\mathcal{N}$ is a (finite or infinite) sequence

$$C : m_0 \xrightarrow{e_1} m_1 \xrightarrow{e_2} m_2 \xrightarrow{e_3} \cdots ,$$

where each step $e_i$ represents the simultaneous firing of its transitions at time
$EET(m_{i-1})$. The set of all step sequences of an ITPN $\mathcal{N}$ is denoted .

Timed Petri nets of type (1) described above, where transitions have durations,
can be seen as a special case of ITPNs as follows. A transition $t$ with time
interval $[l_t, u_t]$ which consumes the tokens $m$ and produces the tokens $m'$ can
be simulated in an ITPN by adding a new place $p_t$, and having a transition $t_1$
which consumes the tokens $m$ and produces one token at place $p_t$ in some time
in the interval $[l_t, u_t]$, and another transition $t_2$ which consumes one token from
$p_t$ and produces the tokens $m'$ in zero time. Timed Petri nets of type (2), where
each place has a duration $d_p$, correspond to the special case of ITPNs where
each token produced at place $p$ has firing delay $d_p$.



5.2 Representing ITPNs in Rewriting Logic 

Representing Real-Time Theories in Rewriting Logic. We have proposed
in IB2I a framework for modeling real-time and hybrid systems in rewriting logic
by means of real-time rewrite theories, and have shown that a number of well-known
models of real-time and hybrid systems can naturally be specified as such
theories. Essentially, a real-time rewrite theory should include a sort Time and
an operator {_} which encloses the global state of the system and is used to ensure
that time advances uniformly in all parts of a system. In addition to ordinary
rewrite rules modeling instantaneous change in a system, a real-time rewrite
theory may contain tick rules of the form $l : \{t\} \xrightarrow{\tau_l} \{t'\}$ if $C$, which model
time elapse in a system, and where the term $\tau_l$ of sort Time denotes the duration
of the rule. The total time elapse $\tau(\alpha)$ of a rewrite proof $\alpha : \{u\} \to \{v\}$ is
defined as the sum of the time elapsed in each tick rule application in $\alpha$. Even
though it is useful to highlight the real-time aspects of a system using real-time
rewrite theories, we have shown that, by adding an explicit clock, such
theories are reducible to ordinary rewrite theories in a way that preserves all
their expected properties.

In real-time systems, some actions are eager, that is, their application should take 
precedence over the application of time-advancing tick rules. We divide the rules 
of a real-time rewrite theory into eager and lazy rules, and define the admissible 
rewrites m to be the subset of all rewrites satisfying the additional requirement 
that a lazy rule may only be applied when no eager rule is applicable. The Real- 
Time Maude language and tool mm supports the specification and analysis 
of real-time rewrite theories, including the possibility to define eager and lazy 
rules. 



Specifying ITPNs as Real-Time Rewrite Theories. The rewriting logic 
semantics of interval timed Petri nets is based on the rewriting logic semantics 
of untimed place/transition nets given in Section For the sake of simplicity 
of the rewriting logic representation of ITPNs, we choose not to carry the timestamps
in the tokens at all times. Instead, a term [p] of sort VisibleMarking
represents an occurrence of a token at place p that is “visible”, i.e., available for
consumption. A token that will be visible at place p in time r is represented by
the term dly(p,r), which has the sort DelayedMarking whenever $r \neq 0$. A
token with delay 0 is visible, i.e., dly(p,0) = [p] . The sort Marking is a supersort
of the sorts VisibleMarking and DelayedMarking, and denotes multisets
of these two forms of tokens, where multiset union is represented by juxtapo- 
sition. The function mte takes a term of sort DelayedMarking and returns the 
time that can elapse until the next delayed token becomes visible. The function 
delta models the effect of the passage of time on delayed tokens by decreasing 
their delays according to the time elapsed. 

The rewriting logic semantics of an ITPN $\mathcal{N}$ with $P_\mathcal{N} = \{p_1, \ldots, p_n\}$ is given
by a real-time rewrite specification $R(\mathcal{N})$, where the underlying MES contains
an axiomatization of the sort Time of the time domain pb2] - a sort TimeInf for
the time domain extended with $\infty$, together with the functions +, <, min, and
$\dot{-}$ (“monus”), and the following declarations and axioms:

sorts Place EmptyMarking VisibleMarking DelayedMarking Marking System .
subsorts EmptyMarking < VisibleMarking DelayedMarking < Marking .

ops p1 ... pn : -> Place .
op [_] : Place -> VisibleMarking .
op dly : Place Time -> Marking .
op empty : -> EmptyMarking .

*** multiset union is juxtaposition, declared at every marking sort
op __ : Marking Marking -> Marking [assoc comm id: empty] .
op __ : DelayedMarking DelayedMarking -> DelayedMarking [assoc comm id: empty] .
op __ : VisibleMarking VisibleMarking -> VisibleMarking [assoc comm id: empty] .
op __ : EmptyMarking EmptyMarking -> EmptyMarking [assoc comm id: empty] .

op {_} : Marking -> System .
op delta : DelayedMarking Time -> Marking .
op mte : DelayedMarking -> TimeInf .

vars DM DM' : DelayedMarking . var VM : VisibleMarking .
var P : Place . vars X Y : Time .

*** a token with non-zero delay is delayed; a token with delay 0 is visible
cmb dly(P, X) : DelayedMarking if X =/= 0 .
eq dly(P, 0) = [P] .

*** delta ages every delayed token by the elapsed time
eq delta(empty, X) = empty .
eq delta(dly(P, X), Y) = dly(P, X - Y) .
ceq delta(DM DM', X) = delta(DM, X) delta(DM', X)
    if DM =/= empty and DM' =/= empty .

*** mte is the time until the next delayed token becomes visible
eq mte(empty) = ∞ .
ceq mte(dly(P, X)) = X if X =/= 0 .
ceq mte(DM DM') = min(mte(DM), mte(DM'))
    if DM =/= empty and DM' =/= empty .

We will see later that no interesting information about time is lost by this
simplification, since the time when a firing of a transition occurs can always be
extracted from the proof term.

The rewrite semantics of an ITPN $\mathcal{N}$ is a real-time rewrite theory $R(\mathcal{N})$ whose
signature $\Omega$ and axioms $E$ define the sort Marking and the functions delta and
mte. The set of rules of $R(\mathcal{N})$ consists of a lazy tick rule modeling time elapse
and, for each transition $t$ in $T_\mathcal{N}$, an eager rule

$$t : \overbrace{[p_1] \ldots [p_1]}^{W(p_1,t)} \ldots \overbrace{[p_n] \ldots [p_n]}^{W(p_n,t)} \longrightarrow \underbrace{dly(p_1, x_{1,1}) \ldots dly(p_1, x_{1,W(t,p_1)})}_{W(t,p_1)} \ldots \underbrace{dly(p_n, x_{n,1}) \ldots dly(p_n, x_{n,W(t,p_n)})}_{W(t,p_n)}$$

$$\text{if } (l_{1,1} \le x_{1,1} \le u_{1,1}) \land \ldots \land (l_{1,W(t,p_1)} \le x_{1,W(t,p_1)} \le u_{1,W(t,p_1)}) \land \ldots \land (l_{n,1} \le x_{n,1} \le u_{n,1}) \land \ldots \land (l_{n,W(t,p_n)} \le x_{n,W(t,p_n)} \le u_{n,W(t,p_n)})$$

where $P_\mathcal{N} = \{p_1, \ldots, p_n\}$, with $p_i$ distinct, $D(t, p_i)$ is the multiset
$\{[l_{i,1}, u_{i,1}], \ldots, [l_{i,W(t,p_i)}, u_{i,W(t,p_i)}]\}$ for each $p_i \in P_\mathcal{N}$, and the $x_{i,j}$'s are distinct variables of
sort Time. The following lazy tick rule advances time until the first delayed
token becomes visible:

$$tick : \{VM\ DM\} \xrightarrow{mte(DM)} \{VM\ delta(DM, mte(DM))\} \text{ if } mte(DM) \neq \infty .$$

For example, the translation of the ITPN in Fig. 6 contains the above tick rule
and the following two instantaneous eager rules:

$a : [p] \longrightarrow dly(q,X)\ dly(q,Y)$ if $(5 \le X \le 10) \land (5 \le Y \le 10)$
$b : [q] \longrightarrow dly(p,X)$ if $4 \le X \le 8$.

The tick rule only needs to compute the time until the next delayed token becomes
visible and advances time by that amount. After such a tick, the tick rule
is again enabled but, due to its being lazy, it will not be applied if the new visible
token(s) enable some transition(s) (whose firing in turn could immediately
trigger further instantaneous transitions).
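The interplay of the lazy tick rule with the two eager rules a and b can be traced with a small simulator. The following Python sketch is an added example, not code from the paper or from Real-Time Maude; the initial marking (one visible token at p), the `choose` callback that resolves each delay variable, and the serialization of a concurrent step into single firings at the same clock value are assumptions of the example.

```python
from collections import Counter
import math

# The two eager rules of the translated net, as quoted in the text:
#   a : [p] -> dly(q,X) dly(q,Y)  if 5 <= X <= 10 and 5 <= Y <= 10
#   b : [q] -> dly(p,X)           if 4 <= X <= 8
NET = {
    "a": {"pre": Counter({"p": 1}), "post": [("q", (5, 10)), ("q", (5, 10))]},
    "b": {"pre": Counter({"q": 1}), "post": [("p", (4, 8))]},
}

def mte(delayed):
    """Time that can elapse until the next delayed token becomes visible."""
    return min((d for (_, d) in delayed), default=math.inf)

def delta(delayed, x):
    """Age all delayed tokens by x; return (newly visible, still delayed)."""
    visible, rest = Counter(), Counter()
    for (place, d), n in delayed.items():
        left = max(d - x, 0)                 # monus on the time domain
        if left == 0:
            visible[place] += n              # dly(p, 0) = [p]
        else:
            rest[(place, left)] += n
    return visible, rest

def enabled(visible, t):
    """An eager rule matches when its preset is covered by visible tokens."""
    return all(visible[p] >= n for p, n in NET[t]["pre"].items())

def fire(visible, delayed, t, choose):
    """Apply eager rule t once; choose(t, i, lo, hi) picks the i-th delay."""
    visible = visible - NET[t]["pre"]
    delayed = Counter(delayed)
    for i, (place, (lo, hi)) in enumerate(NET[t]["post"]):
        x = choose(t, i, lo, hi)
        if not lo <= x <= hi:
            raise ValueError(f"delay {x} outside [{lo}, {hi}] for {t}")
        if x == 0:
            visible[place] += 1
        else:
            delayed[(place, x)] += 1
    return visible, delayed

def run(visible, delayed, choose, max_firings):
    """Admissible rewriting: tick only when no eager rule is applicable."""
    clock, trace = 0, []
    visible, delayed = Counter(visible), Counter(delayed)
    while len(trace) < max_firings:
        ready = [t for t in sorted(NET) if enabled(visible, t)]
        if ready:                            # eager rules take precedence
            visible, delayed = fire(visible, delayed, ready[0], choose)
            trace.append((clock, ready[0]))  # firing time = elapsed tick time
            continue
        step = mte(delayed)
        if step == math.inf:                 # tick condition mte(DM) =/= oo fails
            break
        woke, delayed = delta(delayed, step)
        visible += woke
        clock += step
    return trace, clock, visible, delayed

if __name__ == "__main__":
    # Constructed run: first output token gets the lower bound, second the upper.
    lo_hi = lambda t, i, lo, hi: lo if i == 0 else hi
    print(run({"p": 1}, {}, lo_hi, 4)[0])
```

The clock value recorded with each firing is the sum of the tick durations applied so far, which is how the firing time is recovered even though visible tokens carry no timestamp.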

Since a step $m \xrightarrow{e} m'$ of an ITPN does not depend on the firing delays of the
individual transitions taken in the step, two one-step rewrites $\{\alpha\} : u \to v$
and $\{\beta\} : u \to v$ should be considered equal if the multisets of rule labels in
$\alpha$ and $\beta$ are the same (in the sense that we add the equivalence
$t(r_1, \ldots, r_n) = t(r_1', \ldots, r_n')$, for each $t \in T_\mathcal{N}$, as a further equality
identifying rewrite proofs). A timed computation in $R(\mathcal{N})$ is a finite or infinite sequence

$$c : u_0 \xrightarrow{\gamma_1;\delta_1} u_1 \xrightarrow{\gamma_2;\delta_2} u_2 \xrightarrow{\gamma_3;\delta_3} \cdots$$

with admissible rewrite proofs $\gamma_i;\delta_i : u_{i-1} \to u_i$ in $R(\mathcal{N})$, such that each $\gamma_i$
corresponds either to the identity proof or to a sequence of tick applications,
each $\delta_i$ corresponds to a one-step concurrent rewrite using instantaneous rules,
and $u_0$ is a term $\{w_0\}$ with $w_0$ a term of sort Marking. The set of timed computations
in $R(\mathcal{N})$ is denoted $\mathcal{C}(R(\mathcal{N}))$. It follows from the factorization property
of proofs in rewriting logic [48] that each non-identity admissible ground rewrite
$\alpha : \{w\} \to \{w'\}$ (in $R(\mathcal{N})$) is equivalent to a rewrite $\gamma ; \delta$, such that $\gamma$ can be
rearranged as a finite timed computation, and $\delta$ corresponds to the identity proof
or to a sequence of tick applications. Furthermore, each (infinite) computation of
$R(\mathcal{N})$, consisting of admissible rewrites involving ground terms of sort System,
which contains an infinite number of applications of instantaneous rules, can be
rearranged as a timed computation.

The fact that ITPNs are faithfully represented in their rewriting logic semantics 
is made precise in the theorem below, which can be used as the basis of a method 
to execute and analyze ITPNs in a tool such as Real-Time Maude iSDEH- 

Theorem 3. Let $\mathcal{N}$ be an ITPN. Then, there is a bijective function (_) : →
$\mathcal{C}(R(\mathcal{N}))$ taking a step sequence of the form to a timed computation of the
form c (see above for c and ^) such that:

— Each $u_i$ is a term equivalent to a term of the form $\{w_i\}$, which consists of
$m_i(p, r)$ occurrences of the term dly$(p, r \mathbin{\dot{-}} \tau(\gamma_1; \delta_1; \ldots; \gamma_i; \delta_i))$, for all $p$ and
$r$ (recall that dly(p, 0) is equivalent to [p]).

— The transitions fire at the same time in and c, that is, $\tau(\gamma_1; \delta_1; \ldots; \gamma_{i+1}) = EET(m_i)$.

— The transitions taken (concurrently) in each step are the same. That is,
each $\delta_i$ is equivalent to a proof term of the form $\{\epsilon_i\}$, where $\epsilon_i$ is a term
containing, for each $t \in T_\mathcal{N}$, exactly $e_i(t)$ occurrences of proof terms of the
form $t(r_1, \ldots, r_n)$.

6 Conclusions 

In this paper we have explained in detail how rewriting logic can be used as a 
semantic framework in which a wide range of Petri net models can be naturally 
unified. Specifically, we have explored how place/transition nets, nets with test
arcs, algebraic net specifications, colored Petri nets, and timed Petri nets can all 
be naturally expressed in rewriting logic, and how well-known semantic models 
often coincide with (in the sense of being naturally isomorphic to) the natural 
semantic models associated to the rewriting logic representations of the given 
nets. Space limitations do not allow us to explain in detail how other classes 
of Petri nets could similarly be treated. However, we sketch below a number of 
extensions of the ideas presented here that could deal with some of these. 

A question that deserves some discussion is how colored Petri nets based on 
higher-order programming languages such as ML can be formally represented 
and, furthermore, how they can be related to the approach to ANSs presented
in this paper. One possible answer is to translate each colored Petri net over a 
possibly higher-order language C into an ANS with an initial semantics. This 
reduces the problem to finding a translation of C into membership equational 
logic. The main problem with embedding a higher-order language into a first- 
order framework is the treatment of bound variables and there are different 
solutions. Recently, we have developed CINNI m, a new calculus of names
and explicit substitutions, to solve this problem in a systematic way, and we 
have applied it to obtain executable embeddings of languages such as the lambda 
calculus and Abadi and Cardelli’s object calculus into membership equational 
logic. 

The step from higher-order programming languages to higher-order specification 
languages can be regarded in some instances as a move from typed lambda 
calculi to higher-order logics. The use of a specification language with higher- 
order capabilities seems to be not only attractive for enhancing the modeling 
and abstraction capabilities, but it can also provide a framework for extensions 
of algebraic specifications by initiality and freeness constraints or first-order 
axioms such as those used in m- Recent experience with representing an entire 
family of pure type systems in rewriting logic EDI indicates that, using rewriting 
logic as a metalanguage, typed lambda calculi and higher-order logics can be 
naturally expressed. By viewing membership equational logic as a sublogic of a 
higher-order logic the approach presented in this paper, including the important 
aspect of executability, naturally extends to the higher-order case. 

Apart from generalizations of the underlying specification or programming lan- 
guage, there is another potential source of Petri net generalizations, namely, the 
structure of the state space. Instead of considering a flat state space as in ordinary
Petri nets we could choose a hierarchical one, or we could consider exten-
sions such as macroplaces that can be seen as combining several places into 
a single one from the viewpoint of certain transitions. Also, we could consider 
different kinds of places. For instance, we could distinguish ordinary high-level 
places that carry a multiset of tokens from places that are organized as a queue 
or as a stack. The former idea has been studied in the literature in terms of 
FIFO-nets [[11)141 )l29i2Y| . Rewriting logic seems to be a suitable formalism to 
represent and unify such variations of Petri nets, since the state space can be 
specified by an equational theory that is entirely user-definable. A related approach
that allows some freedom in the choice of the state space algebra and
specializes to different low-level and high-level Petri net classes is presented in 
|E^ . The approach of rewriting logic has the advantage of being more general, in 
the sense that it goes beyond Petri-net-like models and hence provides a bridge 
to formalisms that are quite different from ordinary Petri nets. 



Yet another interesting generalization of Petri nets are different variants of ob- 
ject Petri nets I72l7dl28l74l . where tokens can themselves be nets with their 
own dynamic behaviour. A quite different line of research is the integration of 
object-oriented techniques with Petri nets. As a result there are a number of 
variants of object-oriented Petri nets |fi7p44j . where the tokens are objects ac- 
cording to standard object-oriented terminology. As a unifying generalization of 
both approaches we propose a notion of active token nets. In contrast to object 
Petri nets, tokens can not only be nets but arbitrary objects with an internal 
dynamic behaviour. In contrast to object-oriented approaches to Petri nets, active
tokens are not static but dynamic entities. In particular, they can evolve
concurrently with the overall system behaviour, and they can also interact or 
communicate with each other. It might appear that the complexity of such mod- 
els is beyond the scope of a rigorous formal treatment. However, a closer look 
reveals that the approach to Petri nets via rewriting logic is closer to the ideas 
described above than it might appear at first sight. In fact, our approach
can be easily generalized to active token nets by essentially replacing the under- 
lying MES of a net by a RWS. So far we have employed rewrite rules only to 
represent transitions of the net. In order to describe tokens with internal activity 
we could use rewrite rules that transform individual tokens. To capture group 
activity such as interaction (which corresponds to synchronous communication) 
and asynchronous communication we have to add rewrite rules that operate on 
a group of tokens. One possible realization is to view tokens as objects in the 
sense of the rewriting logic approach to concurrent object-oriented programming 
m, where rewrite rules operate on a multiset of objects that are interrelated by 
object references. As we have already pointed out, recent work on partial-order 
semantics for object-oriented systems specified in rewriting logic in this manner 
PH is in fact very close to the safe process semantics of high-level Petri nets. 



In our view, the unification of Petri net models within the rewriting logic logical 
framework is useful not only for conceptual reasons, but also for purposes of 
execution, formal analysis, and formal reasoning about Petri net specifications. 
Using the reflective and metalanguage capabilities of Maude, it is possible to 
build execution environments for Petri net specifications where the language de- 
scription provided by the user and the user interaction could all take place at the 
Petri net level with which the user is familiar. Similarly, the Real-Time Maude 
tool inn could offer corresponding capabilities for executing and analyzing timed 
Petri net models. 
Abstract. We consider two generalizations of the duality between transition
systems and Petri nets. In the first, transitions are replaced by
paths, that is, partial functions from a fixed set $\Delta$ to states. This allows
one to model continuous and/or hybrid systems when $\Delta$ represents durations.
In the second generalization actions are considered to have a structure
given by an algebra. This allows one to model, for instance, sequential and
parallel composition of ordinary actions. In each case the question of
the existence of a Galois connection is considered in the framework of
ordered sets and in the categorical setting.



1 Preliminaries 

Uniform presentations of (extended) Petri nets in which events and markings are 
interpreted jointly in an algebraic structure, e.g. a monoidal category H , an 
ordered group or a partial groupoid H3|, have been put forward by several 
authors. A different, more combinatorial than algebraic, approach to a uniform 
theory for Petri nets was proposed in [2]. The present paper follows up on this
work, and an informal review of ideas and results given there may be appropriate
before stating what we are now looking for. Readers already familiar with 0 or
0 may skip the rest of this section. 

It was proposed in 0 to represent classes of Petri nets stable under subnets 
by the state graph of a particular net, built by gluing on a common place all 
non-isomorphic nets in the class with one place and one event. For instance, if 
one allows isolated elements in C/E-nets, then there are three non-isomorphic 
C/E-nets with one place and one event. By gluing them on a common place, one 
obtains the net shown in the left part of Fig. 1. The case graph of this net is
isomorphic to the transition system $\tau_{C/E}$ shown in the right part of this figure.

Fig. 1. The representative C/E-net and its case graph

This transition system $\tau_{C/E}$ gives full information about the way in which
C/E-nets behave, and it allows one to reconstruct their firing rule. The two states
indicate that a condition may take two alternative values in a case: 1 if the
condition holds, 0 if it does not hold. The transitions labeled input and output
indicate that an event has concession in a case if and only if all its input
conditions and none of its output conditions hold. They indicate moreover
that the values of these conditions change under firing. The transitions
labeled unrelated indicate that the unrelated conditions do not play any direct
role for the considered event. If one represents a C/E-net as a flow matrix
$F : C \times E \to \{input, output, unrelated\}$, the firing rule of the C/E-nets may
now be restated thus:

$$M[e\rangle M' \text{ iff } (\forall c \in C)\ M(c) \xrightarrow{F(c,e)} M'(c) \text{ in } \tau_{C/E}$$

All familiar classes of Petri nets, e.g. pure P/T-nets, general P/T-nets, nets 
with inhibitor arcs, etc., may be accommodated in a similar way. Below, we only 
sketch how it works in the case of the pure P/T-nets. 

Pure P/T-nets with one place and one transition are in an obvious bijective
correspondence with $\mathbb{Z}$. By gluing them on a common place $\pi$, one obtains a
net with flow matrix $F : \{\pi\} \times \mathbb{Z} \to \mathbb{Z}$ such that $F(\pi, z) = z$ for all $z \in \mathbb{Z}$
(this represents an arc with weight $|z|$ from place $\pi$ to event $z$, or from event $z$
to place $\pi$, according to the sign of $z$). The state graph $\tau_{pure\text{-}P/T}$ of this net is
isomorphic to the induced restriction of the Cayley graph of the group $\mathbb{Z}$ on the
subset of nodes $\mathbb{N}$. The firing rule for a pure P/T-net with flow matrix
$F : P \times T \to \mathbb{Z}$ may be restated thus:

$$M[t\rangle M' \text{ iff } (\forall p \in P)\ M(p) \xrightarrow{F(p,t)} M'(p) \text{ in } \tau_{pure\text{-}P/T}$$

More generally, one can uniformly define new classes of nets in this way, where
each class is induced by a choice of a deterministic transition system $\tau$. Once
such a $\tau = (S, I, \tau)$, called a type of nets, has been fixed, places take values in
the set $S$ and each net $N = (P, A, F)$ is fitted with a flow matrix $F : P \times A \to I$.
The firing rule, as one could expect, is the following:

$$M[a\rangle M' \text{ iff } (\forall p \in P)\ M(p) \xrightarrow{F(p,a)} M'(p) \text{ in } \tau$$

Moreover, the type $\tau$ of the nets may be reconstructed by applying this firing
rule to the net $(\{\pi\}, I, F)$ with flow matrix $F(\pi, \iota) = \iota$. Let us stress the fact that
we do not require $\tau$ to be a group action graph, or whatever kind of algebraic
transition system: every deterministic transition system $\tau$ defines a class of nets
and the behaviors of these nets.

What adds interest to this uniform presentation is that it fits nicely with
the region based synthesis of nets, first proposed by Ehrenfeucht and Rozenberg
in the context of C/E-nets 0, and subsequently extended to P/T-nets
by Mukund uni and by Droste and Shortt [7]. A crucial remark made in [3] is
that regions of a transition system $T = (Q, A, T)$ w.r.t. a class of nets defined
by a deterministic transition system $\tau$ coincide with morphisms of transition
systems from $T$ to $\tau$. Consider for instance C/E-nets. A morphism from
$T$ to $\tau_{C/E}$ is by definition a pair $(\sigma, \eta)$ made of two maps $\sigma : Q \to \{0, 1\}$ and
$\eta : A \to \{input, output, unrelated\}$ such that $\sigma(q) \xrightarrow{\eta(a)} \sigma(q')$ in $\tau_{C/E}$ whenever
$q \xrightarrow{a} q'$ in $T$. Therefore, if we set $R = \sigma^{-1}(1)$ then all transitions $q \xrightarrow{a} q'$ with a
common label $a$ do simultaneously leave $R$ (case $\eta(a) = input$) or enter $R$ (case
$\eta(a) = output$), or they do not cross the border of $R$ (case $\eta(a) = unrelated$).
Thus, in terminology of 0, $R$ is a region. Conversely, every region coincides
with $\sigma^{-1}(1)$ for a unique morphism $(\sigma, \eta) : T \to \tau_{C/E}$. The case of the pure
Petri net regions is similar: morphisms $(\sigma, \eta) : T \to \tau_{pure\text{-}P/T}$ are in bijective
correspondence with maps $\sigma : Q \to \mathbb{N}$ such that $\sigma(q') - \sigma(q)$ has a constant value for
all transitions $q \xrightarrow{a} q'$ with the common label $a$, namely $\eta(a)$.

Building on the above remark, one may extend Ehrenfeucht and Rozenberg’s
principle of net synthesis to nets over arbitrary type. Given a transition system
$T = (Q, A, T)$, its counterpart in the class of nets over type $\tau = (S, I, \tau)$ is a net
$N = (P, A, F)$ with set of places $P = Hom(T, \tau)$ (places are morphisms from $T$
to $\tau$), with flow matrix $F : P \times A \to I$ defined by $F((\sigma, \eta), a) = \eta(a)$ for any
place $(\sigma, \eta) \in P$ and event $a \in A$. The construction may be adapted to initialized
transition systems (i.e. automata) and nets (i.e. net systems). The counterpart
of the automaton $(Q, A, T, q_0)$ is a net system $(P, A, F, M_0)$ with initial marking
$M_0$ defined by $M_0((\sigma, \eta)) = \sigma(q_0)$ for every place $(\sigma, \eta) \in Hom(T, \tau)$.
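The synthesis construction can be carried out mechanically for a finite type. The following Python sketch is an added example, not code from the paper: it enumerates the morphisms from a small automaton to the type of C/E-nets, builds the net system whose places are those morphisms, and recomputes the state graph with the type-parametric firing rule. The four-state automaton is constructed for the illustration, and the function names are hypothetical; any finite deterministic type can be passed in place of `TAU_CE`.

```python
from itertools import product

# Type of C/E-nets as a deterministic transition system: (state, label) -> state.
TAU_CE = {
    (1, "input"): 0,
    (0, "output"): 1,
    (0, "unrelated"): 0,
    (1, "unrelated"): 1,
}

# Constructed sample automaton: events a and b enabled concurrently at q0.
Q = ("q0", "q1", "q2", "q3")
A = ("a", "b")
T = [("q0", "a", "q1"), ("q0", "b", "q2"), ("q1", "b", "q3"), ("q2", "a", "q3")]

def regions(Q, A, T, tau=TAU_CE):
    """All morphisms (sigma, eta) from the transition system to the type tau."""
    states = sorted({s for (s, _) in tau} | set(tau.values()))
    labels = sorted({l for (_, l) in tau})
    found = []
    for s_vals in product(states, repeat=len(Q)):
        sigma = dict(zip(Q, s_vals))
        for e_vals in product(labels, repeat=len(A)):
            eta = dict(zip(A, e_vals))
            # sigma(q) --eta(a)--> sigma(q') must be a transition of tau
            if all(tau.get((sigma[q], eta[a])) == sigma[q2] for (q, a, q2) in T):
                found.append((sigma, eta))
    return found

def synthesize(Q, A, T, q0, tau=TAU_CE):
    """Net system with places Hom(T, tau), F((sigma,eta),a) = eta(a), M0 = sigma(q0)."""
    places = regions(Q, A, T, tau)
    F = {(i, a): eta[a] for i, (_, eta) in enumerate(places) for a in A}
    M0 = tuple(sigma[q0] for sigma, _ in places)
    return places, F, M0

def fire(M, a, F, tau=TAU_CE):
    """M[a>M' iff every place p has M(p) --F(p,a)--> M'(p) in tau; else None."""
    nxt = []
    for p, s in enumerate(M):
        s2 = tau.get((s, F[(p, a)]))
        if s2 is None:
            return None
        nxt.append(s2)
    return tuple(nxt)

def state_graph(A, F, M0, tau=TAU_CE):
    """Reachable markings and labelled edges of the synthesized net system."""
    seen, todo, edges = {M0}, [M0], set()
    while todo:
        M = todo.pop()
        for a in A:
            M2 = fire(M, a, F, tau)
            if M2 is not None:
                edges.add((M, a, M2))
                if M2 not in seen:
                    seen.add(M2)
                    todo.append(M2)
    return seen, edges

if __name__ == "__main__":
    places, F, M0 = synthesize(Q, A, T, "q0")
    markings, edges = state_graph(A, F, M0)
    print(len(places), "places;", len(markings), "markings;", len(edges), "edges")
```

For this automaton the state graph of the synthesized net has one marking per state and one edge per transition, so the net reproduces the automaton exactly.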

On this basis, an order theoretic Galois connection between automata and
net systems, parametric on the type of nets $\tau$, was established in [3]. Automata
and net systems have a fixed alphabet of events. Net systems are ordered by the
sub-structure relation, while (deterministic and reachable) automata are ordered
by (label preserving) morphisms. It was shown there that

$$\mathcal{A} \le \mathcal{N}^* \text{ iff } \mathcal{N} \le \mathcal{A}^*$$

where $\mathcal{N}^*$ is the reachable state graph of the net system $\mathcal{N}$ while $\mathcal{A}^*$ is the net
system, of type $\tau$, synthesized from the automaton $\mathcal{A}$.

A completely symmetric duality between automata and net systems, also
parametric on the type of nets $\tau$, was established in [^. Moreover, it was observed
there that state graphs may also be constructed from hom-sets. For this
purpose, the underlying set of $\tau = (S, I, \tau)$, i.e. its set of transitions, should
also be seen as the underlying set of a net $(\tau, \{enabled\}, F)$, with a single event
and with flow matrix $F$ determined thus: $F((s \xrightarrow{\iota} s'), enabled) = \iota$ for each
place $s \xrightarrow{\iota} s'$ in $\tau$. Given any other net $(P, A, F')$ with type $\tau$, the transitions



Generalized Automata and Their Net Representations 






$M[a\rangle M'$ that may be inferred for this net from the firing rule induced by $\tau$
correspond to net morphisms from $(P, A, F')$ to $(\tau, \{enabled\}, F)$. That is to say,
every such morphism is a pair $(\beta, \eta)$ which consists of two maps $\beta : P \to \tau$
and $\eta : \{enabled\} \to A$, and such that $F(\beta(p), enabled) = F'(p, \eta(enabled))$ for
each place $p \in P$. This correspondence entails that $M(p) = s$ and $M'(p) = s'$
whenever $\beta(p) = (s \xrightarrow{\iota} s')$.

Let us consider C/E-nets for an illustration. Fig. 2 shows a C/E-net (on the
left), the net version of $\tau_{C/E}$ (on the right), and a C/E-net morphism $(\beta, \eta)$ from
the former to the latter. The morphism depicted is defined by $\eta(enabled) = b$,
$\beta(p_1) = \beta(p_2) = (1 \xrightarrow{input} 0)$ and $\beta(p_3) = (1 \xrightarrow{unrelated} 1)$. This morphism represents
the transition $(1, 1, 1)\,[b\rangle\,(0, 0, 1)$, or to write it differently, $p_1 + p_2 + p_3\,[b\rangle\,p_3$.




Fig. 2. Transitions of C/E-nets as net morphisms 



The transition system $\tau_{C/E}$ and the C/E-net derived from $\tau_{C/E}$ (right part
of Fig. 2) are built on the same underlying set. These two objects which live
in two different categories form therefore what is called a schizophrenic object.
Drawing inspiration from Porst and Tholen’s view of concrete dualities induced
by schizophrenic objects nn, a dual adjunction between transition systems and
nets, parametric on the type of nets $\tau$, was established in [2], namely:

$$Hom(T, N^*) \cong Hom(N, T^*)$$

for any transition system $T$ and net $N$. A Galois connection between subcategories
of initialized transition systems and nets was moreover derived from the
dual adjunction. In this more complex setting, generality is gained in that the
alphabet of events of nets need not be fixed once and for all.

2 Objectives 

As recalled in the preliminary section, correspondences between automata and
net systems, uniform in the type of nets, have been established in [3] and [2],
in the order-theoretic setting and in the categorical setting, respectively. The
present paper is an attempt to extend these correspondences to generalized
transition systems. In doing so, our purpose is twofold. On the one hand, we 
will show that systems more complex than ordinary automata may also be rep- 
resented with nets. This fact was already clear from David and Alla’s proposal 
for continuous nets 0, whose correspondence with continuous automata with 
concurrency is studied elsewhere in this volume jSj. We will examine this and 
other extensions of automata and nets where continuity does not play any role, 
and show that all correspondences may be presented uniformly in the type of 
nets. On the other hand, we will compare the robustness of order-theoretic and 
categorical correspondences between automata and net systems under the per- 
turbation introduced by considering generalized automata. 

The point of view taken in is that in an ordinary transition system it is the 
set of transitions which is central. Namely, one may see an ordinary transition
system $(Q, A, T)$ as a set of transitions $T$ equipped with a map $\lambda : T \to A$
called labelling, plus two other maps $\partial^0, \partial^1 : T \to Q$, called source and target,
resp., such that a transition $t = q \xrightarrow{a} q'$ is uniquely characterized by: $\lambda(t) = a$,
$\partial^0(t) = q$ and $\partial^1(t) = q'$. In this paper we examine two different ways of enriching
this basic model.

One way is to replace both the source and the target maps $\partial^0$ and $\partial^1$ with
a single map $\partial : T \to (\Delta \rightharpoonup Q)$ that assigns to each transition $t \in T$ a partial
function $\partial(t)$ with co-domain $Q$. Here, $\Delta$ is a fixed domain with a distinguished
element $\bullet \in \Delta$ such that $\partial(t)(\bullet)$ is always defined. Intuitively, $\partial(t)(\bullet)$ takes the
place of $\partial^0(t)$. Ordinary transitions are thus generalized to functional transitions,
labelled on $A$ and parametric on $\Delta$: an action $a$ with actual parameter $\delta$ leads
from state $q$ to state $q'$ if there exists some transition $t \in T$ such that $\partial(t)(\bullet) = q$,
$\lambda(t) = a$, and $\partial(t)(\delta) = q'$. We will not impose any specific interpretation on
the set of parameters $\Delta$. The set may represent e.g. durations, or weights, or
conditions on the environment, etc. Therefore, we do not impose any algebraic
structure on $\Delta$ nor any specific constraint on partial functions $\partial(t)$. This is
a major difference with the work of Droste and Shortt also reported in this
volume. They study the correspondence between continuous automata and nets
for a fixed type of Petri nets, while we study a uniform correspondence between
functional automata and nets for many types of nets, including the type of
continuous nets. In the specific case of the continuous Petri nets, our results are
not as sharp as theirs. In return, our functional definition of nets allows us to cover
different forms of Petri nets, including notably coloured nets and deterministic
vector addition systems with states.

A second way to enrich the basic model of transition systems is to leave the
source and target maps $\partial^0$ and $\partial^1$ unchanged, but to replace the co-domain of the
labelling map $\lambda : T \to A$ by a $\Sigma$-algebra of complex actions generated from $A$. If
the signature $\Sigma$ supplies e.g. parallel and sequential composition operators, this
gives means to represent concurrent processes of nets as transitions in their state
graphs. Conversely, this gives means to fit automata with fine specifications of
concurrency, to match when realizing automata by net systems. An illustration
may already be found in Mukund’s step transition systems and their realization
by Petri nets m- As we shall see, one may go further in this way, by considering
for instance complex transitions labelled with series-parallel pomsets, and still
obtain a Galois connection between automata and nets, uniform in the type
of nets. The point here is to show that net synthesis is compatible with finer
concurrent semantics of nets than the one considered up to now.

While it is easy to define generalized transition systems, it could be a problem
to define the associated classes of nets. A major advantage of our uniform view
of Petri nets is that it makes this task straightforward in many cases. Once
generalized transition systems have been defined in one way or the other, it
suffices to equip the type of nets $\tau = (S, I, \tau)$ with an adequate structure of
generalized transition system, without modifying the definition of nets in any
way. Thus, a net $(P, A, F)$ still comprises a set of places $P$, a set of atomic
actions $A$, and a flow matrix $F : P \times A \to I$. But the dynamics of nets changes,
since now it is induced by generalized transitions in a new transition system $\tau'$.
To illustrate this, consider the type $\tau_{pure\text{-}P/T} = (\mathbb{N}, \tau)$ of the pure Petri
nets, with transitions $t \in \tau$ satisfying $\partial^1(t) = \partial^0(t) + \lambda(t)$. One can transform
$\tau$ into an $\mathbb{R}_+$-transition system $\tau' = (\mathbb{R}_+, \tau')$ as follows. Given $t' \in \tau'$ put
$\partial(t')(\delta) = \partial(t')(\bullet) + \delta \times \lambda(t')$, whenever the right-hand side is non-negative. Then,
the induced firing rule for Petri nets is the continuous firing rule of 0 — except 
that no minimal bound is set on durations of firing. For another illustration, 
consider the type $\tau_{P/T} = (\mathbb{N}, \mathbb{N} \times \mathbb{N}, \tau)$ of the P/T-nets, with transitions $t \in \tau$
satisfying $\partial^0(t) \ge \pi_1 \circ \lambda(t)$ and $\partial^1(t) = \partial^0(t) - \pi_1 \circ \lambda(t) + \pi_2 \circ \lambda(t)$. If one equips
its set of labels $\mathbb{N} \times \mathbb{N}$ with component-wise addition, thus getting an enriched
type of nets, the induced firing rule becomes the usual step firing rule, and state
graphs become step transition systems as defined by Mukund, with transitions
labelled in the free commutative monoid over $A$.

The remaining sections are organized as follows. Section 3 recalls concrete
dualities induced by schizophrenic objects and is largely an adaptation of m,
with notable simplifications. Transition systems parametric on $\Delta$ and their
correspondence with nets are studied in section 4. Transition systems labelled in
$\Sigma$-algebras and their correspondence with nets are studied in section]^ Conclusions
are briefly indicated in section 0 Readers uninterested in categories may
skip sections 0] H.til and 14.71



3 Schizophrenic Objects and Dual Adjunctions

In this section we give a primer on dual adjunctions induced by schizophrenic 
objects. We shall see in forthcoming sections that many region based dualities 
between nets and automata fit in this framework. For this reason they appear 
as close analogies to classical representation theorems, like Birkhoff and Stone 
representation theorems, most of which do indeed arise from concrete dualities 
induced by schizophrenic objects.

3.1 Dual Adjunctions Induced by Schizophrenic Objects

A typical instance of duality induced by a schizophrenic object is Birkhoff’s 
duality between finite distributive lattices and finite partial orders. Let us recall it 
as an illustrative support before coming to general definitions and constructions. 

Consider a schedule, given as a finite partially ordered set of tasks where $a \le b$
means that a task $a$ should be performed before a task $b$. A configuration is a
downward closed set of tasks: it consists of all tasks that have been performed in
a particular state of the system. The set of configurations ordered by inclusion
is a finite distributive lattice where meet and join are given by set-theoretic
intersection and union, respectively. We call it the lattice of configurations of the
ordered set. The problem is to decide whether a given finite distributive lattice
is isomorphic to the lattice of configurations of some finite ordered set. For that
purpose, consider the extension $|a|$ of a task $a$ in the lattice of configurations, i.e.
the set of configurations in which it is reported. This extension is a prime filter
of the lattice of configurations. Indeed, it is a filter, i.e. a non-empty upper-set
closed w.r.t. meet, because the whole set belongs to $|a|$, $a \in x$ and $x \subseteq y$ imply
$a \in y$, and finally $a \in x$ and $a \in y$ imply $a \in x \cap y$. By symmetry, its complement
is an ideal (a non-empty down-set closed w.r.t. join). Thus, it is a prime filter,
cf. ^2|- Moreover, $a \le b \Leftrightarrow |a| \supseteq |b|$, thus a candidate for representing a finite
distributive lattice is the set of its prime filters ordered by reverse inclusion. Let
us call this ordered set the schedule of the lattice. Birkhoff’s theorem asserts that

any finite ordered set is isomorphic to the schedule of its lattice of
configurations and any finite distributive lattice is isomorphic to the lattice
of configurations of its schedule.
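
Birkhoff's correspondence can be checked mechanically on a small schedule. The following Python is an added example, not part of the chapter; the four-task schedule and all function names are constructed for the illustration.

```python
from itertools import combinations

# Constructed schedule: fetch precedes build and test, which both precede deploy.
TASKS = ["fetch", "build", "test", "deploy"]
BEFORE = {("fetch", "build"), ("fetch", "test"), ("build", "deploy"),
          ("test", "deploy"), ("fetch", "deploy")}

def leq(a, b):
    """The partial order a <= b of the schedule (reflexive, transitive)."""
    return a == b or (a, b) in BEFORE

def down_sets(elems, order):
    """All downward closed subsets (configurations) of a finite ordered set."""
    elems = list(elems)
    found = []
    for r in range(len(elems) + 1):
        for sub in combinations(elems, r):
            s = frozenset(sub)
            # s is a configuration if it contains every predecessor of its members
            if all(a in s for b in s for a in elems if order(a, b)):
                found.append(s)
    return found

def prime_filters(lattice):
    """Prime filters of a lattice of sets (meet = intersection, join = union)."""
    lattice = list(lattice)
    found = []
    for r in range(1, len(lattice)):           # non-empty and proper subsets only
        for sub in combinations(lattice, r):
            f = frozenset(sub)
            up_closed = all(y in f for x in f for y in lattice if x <= y)
            meet_closed = all((x & y) in f for x in f for y in f)
            # prime: a join belongs to f only if one of its arguments does
            prime = all(x in f or y in f
                        for x in lattice for y in lattice if (x | y) in f)
            if up_closed and meet_closed and prime:
                found.append(f)
    return found

def extension(a, lattice):
    """|a|: the set of configurations in which task a is reported."""
    return frozenset(x for x in lattice if a in x)

def check_birkhoff(tasks, order):
    """Return (first half holds, second half holds) of Birkhoff's theorem."""
    configs = down_sets(tasks, order)
    pf = prime_filters(configs)
    ext = {a: extension(a, configs) for a in tasks}
    # First half: a -> |a| is an order isomorphism onto the schedule of the
    # lattice, i.e. the prime filters ordered by reverse inclusion.
    onto = set(ext.values()) == set(pf) and len(pf) == len(tasks)
    iso = all(order(a, b) == (ext[a] >= ext[b]) for a in tasks for b in tasks)
    # Second half: x -> {F | x in F} is a lattice isomorphism onto the
    # configurations of the schedule (F is below G iff F contains G).
    rep = {x: frozenset(f for f in pf if x in f) for x in configs}
    sched_configs = set(down_sets(pf, lambda f, g: f >= g))
    bijective = (set(rep.values()) == sched_configs
                 and len(sched_configs) == len(configs))
    morphism = all(rep[x & y] == rep[x] & rep[y] and rep[x | y] == rep[x] | rep[y]
                   for x in configs for y in configs)
    return onto and iso, bijective and morphism
```

The prime-filter search enumerates every subset of the lattice, so it is only meant for schedules with a handful of configurations.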

Birkhoff’s duality between finite distributive lattices and finite partial orders
relies on the schizophrenic object $2 = \{0, 1\}$, viewed as a lattice and as an ordered
set where $0 < 1$. The dual $L^*$ of a distributive lattice $L$, i.e. its schedule, is the
ordered set of the prime filters $F$, whose characteristic functions are the lattice
morphisms $\chi_F : L \to 2$. The dual $E^*$ of an ordered set $E$, i.e. its lattice of
configurations, is the lattice of the downwards closed subsets $x$, whose characteristic
functions are the morphisms of ordered sets $\chi_x : E \to 2$.

More precisely, the dual adjunction asserts that for any ordered set $E$ and
finite distributive lattice $L$, the set of monotone maps from $E$ to $L^*$ is in bijective
correspondence with the set of lattice morphisms from $L$ to $E^*$. In fact, both sets
are in bijective correspondence with the set of satisfaction relations $\models\ \subseteq E \times L$
such that:

$$a \not\models 0 \qquad a \models 1$$
$$a \models x \wedge y \Leftrightarrow (a \models x \text{ and } a \models y)$$
$$a \models x \vee y \Leftrightarrow (a \models x \text{ or } a \models y)$$
$$(a \le b \text{ and } b \models x) \Rightarrow a \models x$$

The above conditions are indeed equivalent to the requirement that the assignment
$a \mapsto \{x \mid a \models x\}$ is a monotone map from $E$ to $L^*$, and also to the
requirement that $x \mapsto \{a \mid a \models x\}$ is a lattice morphism from $L$ to $E^*$.

If $L = E^*$ is the set of configurations of $E$, the ordered set $E$ is isomorphic
to its double dual: $E \cong E^{**}$ where $a \in E$ is identified with $ev_a \in E^{**}$ such
that $\chi_{ev_a}(x) = \chi_x(a)$ for every down-set $x \in E^*$. Symmetrically, if $E = L^*$ the
lattice $L$ is isomorphic to its double dual: $L \cong L^{**}$ where $x \in L$ is identified
with $ev_x \in L^{**}$ such that $\chi_{ev_x}(F) = \chi_F(x)$ for every prime filter $F \in L^*$. Thus
both units of the dual adjunction are morphisms with evaluation maps as their
underlying maps.

Birkhoff’s duality between finite ordered sets and finite distributive lattices
is an instance of concrete dualities induced by schizophrenic objects. Let us now 
explain the general picture in detail in preparation for section El There, types of 
nets play the role of schizophrenic objects) . 

Definition 1. A Set-category (or category over Set) is a pair $(\mathcal{C}, U)$ where $\mathcal{C}$
is a category and $U : \mathcal{C} \to \mathbf{Set}$ is a functor, called the underlying functor. It is
a concrete category if $U$ is faithful.

In most cases the underlying functor will be left implicit. Given an object $C$,
notation $C \in |\mathcal{C}|$, and an arrow $f : C \to C'$, notation $f \in \mathcal{C}(C, C')$, if $\mathcal{C}$ is a
Set-category we slightly abuse the notation and write uniformly: $|C|$ and $|f|$ to
denote the underlying set of $C$ and the underlying mapping of $f$.

Let $\mathcal{C}$ be a Set-category.

We recall that the initial lift of a structured source $(C_i, f_i : X \to |C_i|)_{i \in I}$,
where the $C_i$'s are objects of $\mathcal{C}$, and the $f_i$'s are mappings from a set $X$ to the
underlying sets of the $C_i$'s, is a corresponding family of arrows $\bar{f}_i : C \to C_i$ in $\mathcal{C}$
such that $|\bar{f}_i| = f_i$ (and therefore $|C| = X$) and which is initial in the following
sense. Whenever one has an object $C'$ and arrows $g_i : C' \to C_i$ in $\mathcal{C}$ such that for
some mapping $f : |C'| \to X$ and all indices $|g_i| = f_i \circ f$ holds, then there exists
a unique arrow $\bar{f} : C' \to C$ such that $|\bar{f}| = f$ and $g_i = \bar{f}_i \circ \bar{f}$. The following
definition is an adaptation from m- 

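Definition 2 (Schizophrenic Object). A schizophrenic object between two
Set-categories $\mathcal{A}$ and $\mathcal{B}$ is a pair of objects $(\mathcal{K}_{\mathcal{A}}, \mathcal{K}_{\mathcal{B}}) \in |\mathcal{A}| \times |\mathcal{B}|$ having the
same underlying set $K = |\mathcal{K}_{\mathcal{A}}| = |\mathcal{K}_{\mathcal{B}}|$ and such that

1. for each object $A$ in $\mathcal{A}$, the family $(\mathcal{K}_{\mathcal{B}},\ ev_A(a) : \mathcal{A}(A, \mathcal{K}_{\mathcal{A}}) \to K)_{a \in |A|}$ of
evaluation mappings defined by: $ev_A(a)(f) = |f|(a)$ has an initial lift
$(\varepsilon_A(a) : A^* \to \mathcal{K}_{\mathcal{B}})_{a \in |A|}$, and symmetrically

2. for each object $B$ in $\mathcal{B}$, the family $(\mathcal{K}_{\mathcal{A}},\ ev_B(b) : \mathcal{B}(B, \mathcal{K}_{\mathcal{B}}) \to K)_{b \in |B|}$ has
an initial lift $(\varepsilon_B(b) : B^* \to \mathcal{K}_{\mathcal{A}})_{b \in |B|}$.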

Object $A^*$, called the dual of $A$, is therefore an object of the category $\mathcal{B}$ whose
underlying set is the set of $\mathcal{A}$-morphisms from $A$ to the classifying object $\mathcal{K}_{\mathcal{A}}$. If
$K = \{0, 1\}$ and if $\mathcal{A}$ is concrete, then the elements of the underlying set of the
dual of A can be identified with subsets of the underlying set of A\ |A*| C 
Of course, as an initial lift the dual of an object is only defined up to (a unique) 
isomorphism. However, once those lifts are (arbitrarily) chosen, we obtain a 
functorial correspondence, more precisely:

Lemma 1. Let $(\mathcal{K}_{\mathcal{A}}, \mathcal{K}_{\mathcal{B}})$ be a schizophrenic object between Set-categories $\mathcal{A}$
and $\mathcal{B}$. For every morphism $f : A_1 \to A_2$ in $\mathcal{A}$, the mapping “composing with
$f$” given by $f^* : \mathcal{A}(A_2, \mathcal{K}_{\mathcal{A}}) \to \mathcal{A}(A_1, \mathcal{K}_{\mathcal{A}})$ where $f^*(g) = g \circ f$, is the underlying
mapping of an arrow $f^* : A_2^* \to A_1^*$ in $\mathcal{B}$ such that the functoriality laws: $(1_A)^* =
1_{A^*}$ and $(f \circ g)^* = g^* \circ f^*$ are satisfied.

Proof. Consider $g : A_2 \to \mathcal{K}_{\mathcal{A}}$ in $\mathcal{A}$, and $a \in |A_1|$. Then,

$$|\varepsilon_{A_2}(|f|(a))|(g) = ev_{A_2}(|f|(a))(g) = |g|(|f|(a)) = |g \circ f|(a) = ev_{A_1}(a)(g \circ f) = (ev_{A_1}(a) \circ f^*)(g)$$

i.e., $|\varepsilon_{A_2}(|f|(a))| = ev_{A_1}(a) \circ f^*$. By initiality of $(\varepsilon_{A_1}(a))_{a \in |A_1|}$ we obtain a unique
$f^* : A_2^* \to A_1^*$ such that (i) $\varepsilon_{A_2}(|f|(a)) = \varepsilon_{A_1}(a) \circ f^*$ and (ii) $|f^*| = f^*$. Thanks
to this characterization of $f^*$, the functoriality laws immediately follow. □

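Lemma 2. Let $(\mathcal{K}_{\mathcal{A}}, \mathcal{K}_{\mathcal{B}})$ be a schizophrenic object between two Set-categories
$\mathcal{A}$ and $\mathcal{B}$. The initial lift $(\varepsilon_A(a) : A^* \to \mathcal{K}_{\mathcal{B}})_{a \in |A|}$ of the evaluation mappings,
viewed as a mapping $\varepsilon_A : |A| \to \mathcal{B}(A^*, \mathcal{K}_{\mathcal{B}})$ is the underlying mapping of an
arrow $Ev_A : A \to A^{**}$.

Proof. For $f \in |A^*|$ i.e., $f : A \to \mathcal{K}_{\mathcal{A}}$ in $\mathcal{A}$, and $a \in |A|$ one has

$$ev_{A^*}(f)(\varepsilon_A(a)) = |\varepsilon_A(a)|(f) = ev_A(a)(f) = |f|(a)$$

i.e., $|f| = ev_{A^*}(f) \circ \varepsilon_A$. By initiality of $(\varepsilon_{A^*}(f))_{f \in |A^*|}$, this gives a unique
morphism $Ev_A : A \to A^{**}$ such that (i) $\varepsilon_{A^*}(f) \circ Ev_A = f$ and (ii) $|Ev_A| = \varepsilon_A$. □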

Definition 3 (Span). Let $\mathcal{K} = (\mathcal{K}_{\mathcal{A}}, \mathcal{K}_{\mathcal{B}})$ be a schizophrenic object between two
Set-categories $\mathcal{A}$ and $\mathcal{B}$. A $\mathcal{K}$-span $\varphi \in \mathrm{Span}_{\mathcal{K}}(A, B)$ from $A \in |\mathcal{A}|$ to $B \in |\mathcal{B}|$
consists of families of morphisms $(\varphi_a : B \to \mathcal{K}_{\mathcal{B}})_{a \in |A|}$ and $(\varphi^b : A \to \mathcal{K}_{\mathcal{A}})_{b \in |B|}$
in $\mathcal{B}$ and $\mathcal{A}$, respectively, such that for all $a \in |A|$ and $b \in |B|$ the following
holds.

$$|\varphi_a|(b) = |\varphi^b|(a)$$

If $\mathcal{A}$ and $\mathcal{B}$ are concrete categories, then spans coincide with dimorphisms, i.e.,
those mappings $\varphi : |A| \times |B| \to K$ such that

1. For all $a \in |A|$ function $\varphi(a, -) : |B| \to K$ is the underlying mapping of a
morphism $\varphi_a$ from $B$ to $\mathcal{K}_{\mathcal{B}}$, and

2. For all $b \in |B|$ function $\varphi(-, b) : |A| \to K$ is the underlying mapping of a
morphism $\varphi^b$ from $A$ to $\mathcal{K}_{\mathcal{A}}$.

For concrete categories, a span is a $K$-valued relation between the underlying
sets of $A$ and $B$, and it can be represented by a matrix with values in $K$ whose
rows and columns are indexed by the sets $|A|$ and $|B|$, respectively. Of course,
$\mathrm{Span}_{\mathcal{K}}(A, B) \cong \mathrm{Span}_{\mathcal{K}}(B, A)$, modulo the transposition of matrices.

Lemma 3. Let $(\mathcal{K}_{\mathcal{A}}, \mathcal{K}_{\mathcal{B}})$ be a schizophrenic object between two Set-categories
$\mathcal{A}$ and $\mathcal{B}$. There is a bijective correspondence between the hom-set $\mathcal{A}(A, B^*)$
and the set of $\mathcal{K}$-spans $\mathrm{Span}_{\mathcal{K}}(A, B)$ given by the following identities, where
$f \in \mathcal{A}(A, B^*)$ and $\varphi \in \mathrm{Span}_{\mathcal{K}}(A, B)$.

$$\forall a \in |A|\ \forall b \in |B| \qquad \varphi_a = |f|(a) \ \text{ and } \ \varphi^b = \varepsilon_B(b) \circ f \qquad (1)$$

Proof. On the one hand the identities (1) clearly determine $\varphi$ in terms of the
morphism $f$, and it is indeed a span because

$$|\varphi_a|(b) = ||f|(a)|(b) = ev_B(b)(|f|(a)) = |\varepsilon_B(b) \circ f|(a) = |\varphi^b|(a)$$

For the converse direction, assume $\varphi$ is a span. Then $ev_B(b)(\varphi_a) = |\varphi_a|(b) =
|\varphi^b|(a)$ i.e., $|\varphi^b| = ev_B(b) \circ \varphi_{(-)}$ for every $b \in |B|$, and the initiality of $(\varepsilon_B(b))_{b \in |B|}$
precisely ensures the existence and unicity of a morphism $f : A \to B^*$ verifying
the identities (1). □

Proposition 1 (Dual Adjunction Induced by a Schizophrenic Object).
Let $(\mathcal{K}_{\mathcal{A}}, \mathcal{K}_{\mathcal{B}})$ be a schizophrenic object between two Set-categories $\mathcal{A}$ and $\mathcal{B}$.
There is a bijective correspondence $\mathcal{A}(A, B^*) \cong \mathcal{B}(B, A^*)$ given by the following
identities, where $f : A \to B^*$ and $g : B \to A^*$,

$$g = f^* \circ Ev_B \ \text{ and } \ f = g^* \circ Ev_A \qquad (2)$$

i.e., the functors $(-)^*$ are adjoint to the right with the evaluations as units.

Proof. By Lemma 3 we have $\mathcal{A}(A, B^*) \cong \mathrm{Span}_{\mathcal{K}}(A, B) \cong \mathrm{Span}_{\mathcal{K}}(B, A) \cong
\mathcal{B}(B, A^*)$ given by the following identities where $f : A \to B^*$ and $g : B \to A^*$.

$$(\forall a \in |A|)(\forall b \in |B|) \qquad \varepsilon_B(b) \circ f = |g|(b) \ \text{ and } \ |f|(a) = \varepsilon_A(a) \circ g \qquad (3)$$

In order to establish the proposition it suffices to prove that given a morphism
$g : B \to A^*$, the morphism $f = g^* \circ Ev_A$ satisfies the identities (3). For that
purpose we recall that (by Lemma 1) $g^*$ is the unique morphism $g^* : A^{**} \to B^*$
such that (i) $\varepsilon_{A^*}(|g|(b)) = \varepsilon_B(b) \circ g^*$ for every $b \in |B|$, and (ii) $|g^*| = g^*$. We
recall also that (by Lemma 2) $Ev_A$ is the unique morphism $Ev_A : A \to A^{**}$ such
that (i) $\varepsilon_{A^*}(f) \circ Ev_A = f$ for every $f \in |A^*|$, and (ii) $|Ev_A| = \varepsilon_A$. Now we can
proceed to the verification that $f = g^* \circ Ev_A$ satisfies (3). Indeed,

1. $\varepsilon_B(b) \circ g^* \circ Ev_A = \varepsilon_{A^*}(|g|(b)) \circ Ev_A = |g|(b)$, and

2. $|g^* \circ Ev_A|(a) = (g^* \circ \varepsilon_A)(a) = \varepsilon_A(a) \circ g$.

as required. □

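We can turn the set of $\mathcal{K}$-spans into a category whose objects are triples $(A, \varphi, B)$
where $\varphi \in \mathrm{Span}_{\mathcal{K}}(A, B)$, equivalently, $(A, f, B)$ with $f \in \mathcal{A}(A, B^*)$ or $(A, f', B)$
where $f' \in \mathcal{B}(B, A^*)$, and whose morphisms are pairs of reindexing morphisms
$\alpha \in \mathcal{A}(A_1, A_2)$, and $\beta \in \mathcal{B}(B_2, B_1)$ such that

— $\forall a \in A_1\ \forall b \in B_2$: $\varphi_1^{|\beta| b} = \varphi_2^{b} \circ \alpha$ and $(\varphi_2)_{|\alpha| a} = (\varphi_1)_a \circ \beta$,

— or equivalently $\beta^* \circ f_1 = f_2 \circ \alpha$,

— or equivalently $\alpha^* \circ f'_2 = f'_1 \circ \beta$.

For concrete categories this condition on morphisms reduces to:

$$(\forall a \in A_1)(\forall b \in B_2) \qquad \varphi_1(a, \beta b) = \varphi_2(\alpha a, b) \qquad (4)$$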






Eric Badouel, Marek A. Bednarczyk, and Philippe Darondeau 



$\mathcal{A}$ (resp., $\mathcal{B}^{op}$) are co-reflective (resp., reflective) full subcategories of $\mathrm{Span}_{\mathcal{K}}$.
The kernel of $\mathrm{Span}_{\mathcal{K}}$ is the full subcategory consisting of those spans $\varphi \in
\mathrm{Span}_{\mathcal{K}}(A, B)$ such that $B \cong A^*$ and $A \cong B^*$, and it is categorically equivalent
to the respective full subcategories of $\mathcal{A}$ and $\mathcal{B}^{op}$ consisting of those objects
for which units $Ev_A : A \to A^{**}$ and $Ev_B : B \to B^{**}$ are isomorphisms. This
equivalence yields a duality between the considered subcategories of $\mathcal{A}$ and $\mathcal{B}$.

3.2 Galois Connections 

Birkhoff’s dual adjunction between finite ordered sets and finite distributive 
lattices is a duality, i.e. the kernel of the dual adjunction is isomorphic to the 
whole of each category. This is not a common case and it is not always easy to 
identify the kernel of a dual adjunction. An interesting case of dual adjunctions 
(not necessarily induced by schizophrenic objects) is when the kernel coincides 
with the respective images of both categories under the adjoint functors. The 
following definition comes from HU. 

Definition 4 (Galois Connections). Let $\mathcal{A}(A, B^*) \cong \mathcal{B}(B, A^*)$ be a dual
adjunction with units $(E_A : A \to A^{**})_{A \in |\mathcal{A}|}$ and $(E_B : B \to B^{**})_{B \in |\mathcal{B}|}$. Further let
$\mathcal{B}^*$ (the image of $\mathcal{B}$) denote the full subcategory of $\mathcal{A}$ with objects $B^*$ for $B \in |\mathcal{B}|$.
Let the image of $\mathcal{A}$ be defined similarly. Then the dual adjunction is a Galois
Connection whenever one of the following equivalent conditions is satisfied:

1. It restricts to a duality between the images: $\mathcal{B}^* \cong (\mathcal{A}^*)^{op}$,

2. the arrows $(E_A)^*$ are isomorphisms for $A \in |\mathcal{A}|$,

3. their left-inverses $E_{A^*}$ are isomorphisms,

4. the arrows $(E_B)^*$ are isomorphisms for $B \in |\mathcal{B}|$,

5. their left-inverses $E_{B^*}$ are isomorphisms,

6. the maps $(E_A : A \to A^{**})_{A \in |\mathcal{A}|}$ constitute a reflection of $\mathcal{A}$ into $\mathcal{B}^*$,

7. the maps $(E_B : B \to B^{**})_{B \in |\mathcal{B}|}$ constitute a reflection of $\mathcal{B}$ into $\mathcal{A}^*$.

For the sake of an illustration, consider the dual adjunction between topological
spaces and frames induced by the schizophrenic object 2, viewed as a boolean
algebra and as a topological space USE]. Recall that a frame is a complete lattice
with the generalized distributivity law (finite meets distribute over arbitrary
joins: $f \wedge \bigvee_i f_i = \bigvee_i (f \wedge f_i)$). For any frame $F$, let $pt(F)$ be the set of points $x$
of $F$ defined as frame morphisms $x : F \to 2$. The dual $F^*$ of $F$ is the topological
space $(pt(F), \Omega)$ with the family $\Omega$ of open sets defined by $\Omega = \{O_f \mid f \in F\}$
where $O_f = \{x : F \to 2 \mid x(f) = 1\}$. Conversely, the dual $X^*$ of a topological
space $(X, \Omega)$ is the frame of its open sets $O \in \Omega$, whose characteristic functions
$\chi_O$ are the continuous maps from $(X, \Omega)$ to the Sierpiński space 2 (with the
open sets $\{0, 1\}$, $\{1\}$, and $\emptyset$). Frames and topological spaces are connected by a
dual adjunction $\mathrm{Frame}(F, X^*) \cong \mathrm{Top}(X, F^*)$.

By restricting this adjunction at both sides on its kernel, one obtains a duality
$\mathrm{Top}^* \cong (\mathrm{Frame}^*)^{op}$ between the subcategory $\mathrm{Top}^*$ of spatial frames and the
subcategory $\mathrm{Frame}^*$ of sober spaces. So, a frame $F$ is isomorphic to its double
dual $F^{**}$ if and only if $F$ is a spatial frame. Now, spatial frames are characterized
by two conditions closely similar to the separation conditions for automata
that we shall encounter in section 21 when replacing regions defined there by
morphisms $x : F \to 2$. Namely, a frame $F$ is spatial if and only if the following
conditions are satisfied for all $f, f' \in F$, where $f \le f' \Leftrightarrow f = f \wedge f'$:

(i) $x(f) \neq x(f')$

(ii) $f \not\le f' \Rightarrow \exists x : F \to 2 : x(f) = 1 \wedge x(f') = 0$

Condition (i) is the analogue of the state separation property SSP. Condition (ii)
is the counterpart of the event state separation property ESSP, when replacing
the structure of labelled transition system by the structure of partial order.

4 $\Delta$-Parameterized Transition Systems and Nets

In this section an extension of the dynamic behavior of nets is put forward in
which the firing of events is parameterized with a fixed set $\Delta$. At each marking
$M$, the partial action of an event $e$ is formalized as a partial function $f$ from $\Delta$
to the set of all markings. The intuition is that $\Delta$ provides controls or measures
on the firing process. To capture the idea that the process of firing $e$ starts at
$M$ we stipulate that $\Delta$ contains a distinguished element $\bullet$ such that $f(\bullet) = M$.^
This functional extension covers indeed many forms of nets or high-level nets.
In order to give evidence of this and to help intuition before introducing formally
$\Delta$-parameterized transition systems and nets, we accommodate below David and
Alla’s Hybrid Petri Nets ($\Delta$ is the set of durations), coloured Petri nets ($\Delta$
is the set of colours), and deterministic vector addition systems with states ($\Delta$
is the set of control states).



4.1 Hybrid Petri Nets 

Consider a Petri net $N = (P, A, F)$ with set of places $P$, set of actions $A$, and
flow matrix $F : P \times A \to (\mathbb{N} \times \mathbb{N})$, notation $F(p, a) = (p{*}a, a{*}p)$. Consider
next a net system $\mathcal{N} = (N, M_0)$ endowed with a marking $M_0$ that assigns to
each place $p \in P$ some initial value $M_0(p)$ in the disjoint union of sets $\mathbb{R}_+ \uplus \mathbb{N}$.
A place $p$ such that $M_0(p) \in \mathbb{R}_+$ is a continuous place, a place $p$ such that
$M_0(p) \in \mathbb{N}$ is a discrete place. In case of a continuous place $p$, let $p{*}a$, resp.,
$a{*}p$, be interpreted as speeds of consumption, resp., production, of the resource
stored in $p$ when $a$ is fired. In case of a discrete place $p$, let $p{*}a$ and $a{*}p$ be
interpreted as fixed numbers of tokens, taken from or put into place $p$ each
time $a$ is fired continuously. Assume that firing an action for duration 0 is not
significant. Finally assume some positive constant $d$ such that no action $a$ can
be fired at a marking $M$ for duration $\delta \neq 0$ unless $M(p) \ge d \times p{*}a$ for each
continuous place $p$. The firing rule of our hybrid nets may now be set as follows.

^ The strong interpretation of predicates involving partially defined terms is used
throughout. Thus, $f(\bullet) = M$ holds if and only if $f(\bullet)$ is defined and equals $M$.

Action $a$ may be fired at marking $M$ for duration $\delta \neq 0$ and thereby lead to
marking $M'$, notation $M[a, \delta\rangle M'$, iff for every place $p$ the following hold.

— $p$ discrete: $M(p) \ge p{*}a$ and $M'(p) = M(p) - p{*}a + a{*}p$;

— $p$ continuous: $M(p) \ge d \times p{*}a$ and $M'(p) = M(p) - \delta \times p{*}a + \delta \times a{*}p \ge 0$.

By convention, let $M[a, 0\rangle M'$ iff $M = M'$. Thus, an action $a$ induces at each
marking $M$ a partial function $f$ from $\Delta = \mathbb{R}_+$ to markings, such that $f(\bullet) = M$,
where $\bullet = 0$, and $f(\delta) = M'$ if and only if $M[a, \delta\rangle M'$. The state graph of $\mathcal{N}$ may
be identified with the set of parametric transitions $(f, a)$ defined in this way.

Let us examine what would be the result of firing an action $a$ for a place $p$,
with $n = p{*}a$ and $m = a{*}p$, depending on the kind of the place.

Let $p$ be a discrete place with contents $i \in \mathbb{N}$. Then $p$ disables firing of $a$
for duration $\delta \neq 0$ if either $i < n$ or $i - n + m < 0$. Otherwise, $p$ can change
its contents to $i - n + m$ as a result of firing $a$. This may be represented by
a $\delta$-parametric transition $(g, (n, m))$ labelled $(n, m)$ over set of states $\mathbb{N}$, where
$g : \mathbb{R}_+ \rightharpoonup \mathbb{N}$ is the partial map such that $g(0) = i$ and for $\delta \neq 0$ either $g(\delta)$ is
undefined, if $i - n + m < 0$, or $g(\delta) = i - n + m$, otherwise.

Assume now $p$ is a continuous place with contents $x \in \mathbb{R}_+$. Then $p$ disables
firing $a$ for duration $\delta \neq 0$ if either $x < d \times n$ or $x - \delta \times n + \delta \times m < 0$. Otherwise,
$p$ may change its contents to $x - \delta \times n + \delta \times m$ as a result of firing of $a$. This
may be represented by a $\delta$-parametric transition $(h, (n, m))$ labelled $(n, m)$ over
set of states $\mathbb{R}_+$, letting $h : \mathbb{R}_+ \rightharpoonup \mathbb{R}_+$ be the partial map such that $h(0) = x$
and for $\delta \neq 0$ either $h(\delta)$ is undefined when $x - \delta \times n + \delta \times m < 0$ or $x < d \times n$,
otherwise $h(\delta) = x - \delta \times n + \delta \times m$.

Let $\tau$ be the parametric transition system on $\mathbb{R}_+ \uplus \mathbb{N}$ assembled from all the
$\Delta$-parametric transitions of the form $(g, (n, m))$ or $(h, (n, m))$. One can see that
whenever $(f, a)$ is a parametric transition in the state graph of $\mathcal{N}$, there exists for
each place $p$ some parametric transition $(f_p, F(p, a))$ in $\tau$ such that $f(\delta)$ defined
implies $f_p(\delta)$ defined and $f_p(\delta) = f(\delta)(p)$. Conversely, given a $p$-indexed family
of parametric transitions $(f_p, F(p, a))$ in $\tau$ and a duration $\delta$ such that $f_p(\delta)$ is
defined for all $p$, there exists a parametric transition $(f, a)$ in the state graph of
$\mathcal{N}$ such that $f_p(0) = f(0)(p)$ and $f_p(\delta) = f(\delta)(p)$ for all $p$. This shows that the
state graph of $\mathcal{N}$ is just a synchronized product of $|P|$ copies of the parametric
transition system $\tau$.

4.2 Coloured Petri Nets 

For simplicity, let us focus our attention on C/E-nets. A coloured C/E-net with
colour set $K$ is like a C/E-net $N = (P, A, F)$, with set of places $P$ and flow matrix
$F : P \times A \to \{input, output, unrelated\}$, except that the set of places contains
not only ordinary conditions taking values in $\{0, 1\}$, but also high-level places
taking values in $\mathcal{P}(K)$. A high-level place $p$ is just a compact representation for a
$K$-tuple of conditions $(p, k)$, holding when $k$ belongs to the value of $p$. Similarly,
each event $a \in A$ represents a $K$-tuple of ordinary events $(a, k)$. The idea is that
$N$ should behave like the C/E-net that would be derived by expanding high-level
places and events such that $F(p, (a, k)) = F(p, a)$ for an ordinary condition
$p \in P$, and $F((p, k), (a, k)) = F(p, a)$ for a high-level place $p \in P$. The firing
rule of coloured C/E-nets must therefore be the following. An event $a$ may be
fired at a marking $M$ for a colour $k$ and thereby lead to a marking $M'$, notation
$M[a, k\rangle M'$, iff the following hold:

— $p$ is a condition:

• $F(p, a) = input$: $M(p) = 1$ and $M'(p) = 0$;

• $F(p, a) = output$: $M(p) = 0$ and $M'(p) = 1$;

• $F(p, a) = unrelated$: $M(p) = M'(p)$;

— $p$ is a high-level place:

• $F(p, a) = input$: $k \in M(p)$ and $M'(p) = M(p) \setminus \{k\}$;

• $F(p, a) = output$: $k \notin M(p)$ and $M'(p) = M(p) \cup \{k\}$;

• $F(p, a) = unrelated$: $M(p) = M'(p)$.

In addition, let by convention $M[a, \bullet\rangle M'$ iff $M = M'$. Thus, an event $a$ induces
at each marking $M$ a partial function $f$ from $\Delta = \{\bullet\} \cup K$ to the set of all
markings, such that $f(\bullet) = M$ and $f(k) = M'$ iff $M[a, k\rangle M'$ for every colour
$k \in K$. Given an initial marking $M_0 : P \to S$, where $S = \{0, 1\} \uplus \mathcal{P}(K)$, the
state graph of $\mathcal{N} = (N, M_0)$ may be identified with the reachable restriction of
the resulting set of parametric transitions $(f, a)$.

Consider now the $\Delta$-parametric transition system $\tau = (S, I, \tau)$ where $S =
\{0, 1\} \uplus \mathcal{P}(K)$ as above, $I = \{input, output, unrelated\}$, and $\tau$ is the set of all
$\Delta$-parametric transitions $(\phi, \iota)$, with $\phi : \Delta \rightharpoonup S$ and $\iota \in I$, such that $\phi(\bullet) \in S$
and the following conditions are satisfied for all $k \in K$:

— $\iota = unrelated$ : $\phi(k) = \phi(\bullet)$;

— $\iota = output$ :

• $\phi(\bullet) \in \{0, 1\}$ : $\phi(\bullet) = 0$ and $\phi(k) = 1$;

• $\phi(\bullet) \in \mathcal{P}(K)$ : $k \in \mathcal{D}om(\phi)$ iff $k \notin \phi(\bullet)$, and then $\phi(k) = \phi(\bullet) \cup \{k\}$;

— $\iota = input$ :

• $\phi(\bullet) \in \{0, 1\}$ : $\phi(\bullet) = 1$ and $\phi(k) = 0$;

• $\phi(\bullet) \in \mathcal{P}(K)$ : $k \in \mathcal{D}om(\phi)$ iff $k \in \phi(\bullet)$, and then $\phi(k) = \phi(\bullet) \setminus \{k\}$;

The state graph of $\mathcal{N}$ may be reconstructed as the synchronized product of
$|P|$ copies of $\tau$, started in the respective states $M_0(p)$: $M[a, k\rangle M'$ if and only if,
for each place $p$, there exists in $\tau$ a corresponding transition $(\phi_p, \iota_p)$ such that
$\phi_p(\bullet) = M(p)$, $\iota_p = F(p, a)$, and $\phi_p(k) = M'(p)$. More precisely, a parametric
transition $(f, a)$ of $\mathcal{N}$ such that $f(\bullet) = M$ appears as a $p$-indexed product of
parametric transitions $(\phi_p, F(p, a))$, where $\phi_p(\bullet) = f(\bullet)(p)$ and the domain of $f$
is the intersection of the domains of the $\phi_p$.
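
The per-place reactions of sections 4.1 and 4.2 and their synchronized product, as an added Python example (not code from the chapter). The encoding of values (Fraction for continuous places, int for discrete places and conditions, frozenset for high-level places), the two sample nets and all function names are assumptions made for the illustration.

```python
from fractions import Fraction

BULLET = "•"   # distinguished element of Δ for coloured nets (assumed encoding)

def hybrid_type(d):
    """Type of section 4.1 over R+ ⊎ N for the positive constant d; here • = 0."""
    def reaction(value, label, delta):
        n, m = label                          # flow entry (n, m) = (p*a, a*p)
        if delta == 0:
            return value                      # source of the reaction
        if isinstance(value, Fraction):       # continuous place: the partial map h
            new = value - delta * n + delta * m
            return None if value < d * n or new < 0 else new
        new = value - n + m                   # discrete place: the partial map g
        return None if value < n or new < 0 else new
    return reaction

def coloured_reaction(value, label, k):
    """Type of section 4.2 over {0,1} ⊎ P(K); None means 'undefined at k'."""
    if k == BULLET or label == "unrelated":
        return value
    high_level = isinstance(value, frozenset)
    if label == "input":
        if high_level:
            return value - {k} if k in value else None
        return 0 if value == 1 else None
    if label == "output":
        if high_level:
            return value | {k} if k not in value else None
        return 1 if value == 0 else None
    raise ValueError(f"unknown flow label: {label!r}")

def fire(marking, column, param, reaction, bullet):
    """M[a, param>M' in the synchronized product of |P| copies of the type.

    column maps each place p to F(p, a). The result is None when some place's
    reaction is undefined at param, i.e. when the action is disabled there.
    """
    if param == bullet:
        return dict(marking)                  # convention: M[a, •>M' iff M = M'
    successor = {}
    for place, value in marking.items():
        new = reaction(value, column[place], param)
        if new is None:
            return None
        successor[place] = new
    return successor

def domain(marking, column, params, reaction, bullet):
    """Parameters at which the product transition is defined: the intersection
    of the domains of the per-place reactions."""
    return {x for x in params
            if fire(marking, column, x, reaction, bullet) is not None}

# Constructed hybrid net: action "drain", continuous "tank", discrete "valve".
HYBRID_M0 = {"tank": Fraction(5), "valve": 1}
DRAIN = {"tank": (2, 0), "valve": (1, 1)}

# Constructed coloured C/E-net: event "enter" over colours red, green, blue.
COLOUR_M0 = {"ready": frozenset({"red", "green"}), "inside": frozenset(), "flag": 0}
ENTER = {"ready": "input", "inside": "output", "flag": "unrelated"}
```

The discrete branch applies the disabling condition stated in the text (i < n or i - n + m < 0), which is the reading under which the product reproduces the firing rule M(p) ≥ p*a.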

4.3 Vector Addition Systems with States 

Given a deterministic automaton $\mathcal{A} = (S, A, T, s_0)$, an initialized vector addition
system controlled by $\mathcal{A}$ may be presented as a net system $\mathcal{N} = (P, A, F, M_0)$ in
which $P$ contains a distinguished control place $p_c$ with initial value $M_0(p_c) = s_0$,
plus ordinary places $p$ with initial values $M_0(p) \in \mathbb{N}$. Let $I = A \uplus (S \to \mathbb{Z})$.
The entries of the flow matrix $F : P \times A \to I$ are defined thus for all $a \in A$:
$F(p_c, a) = a$ and $F(p, a) \in (S \to \mathbb{Z})$ for ordinary places $p$. Now, let $\Delta = \{\bullet\} \cup S$.
Consider the $\Delta$-parametric transition system $\tau = (S \uplus \mathbb{N}, I, \tau)$ where $\tau$ is the
set of all parametric transitions $(\phi, \iota)$, with $\phi : \Delta \rightharpoonup S \uplus \mathbb{N}$ and $\iota \in I$, such that
the following conditions are satisfied for all $s \in S$:

— $\iota = a \in A$ : $\phi(\bullet) \in S$, $s \in \mathcal{D}om(\phi)$ iff $s = \phi(\bullet)$, and $s \xrightarrow{a} \phi(s)$ in $\mathcal{A}$;

— $\iota \in (S \to \mathbb{Z})$ : $\phi(\bullet) \in \mathbb{N}$, and $\phi(s) = \phi(\bullet) + \iota(s)$ iff $\phi(\bullet) + \iota(s) \ge 0$.

Using $\tau$ as the type of $\mathcal{N}$, one may equip this net with a set of $\Delta$-parametric
transitions $(f, a)$, defined as $p$-indexed products of transitions $(\phi_p, \iota_p)$ in $\tau$, such
that for every place $p$: $f(\bullet)(p) = \phi_p(\bullet)$, $\iota_p = F(p, a)$, and $f(s)(p) = \phi_p(s)$
whenever $f(s)$ is defined at $s \in S$. This entails that $f(s)$ is defined at at most
one $s$, viz. at $s = f(\bullet)(p_c)$. A $\Delta$-parametric transition $(f, a)$ defined at $s$ may be
seen as a more customary transition $(s, M)[a\rangle(s', M')$ where $s \xrightarrow{a} s'$ in $\mathcal{A}$ and
for every ordinary place $p$, $M(p) = f(\bullet)(p)$ and $M'(p) = f(s)(p)$. One retrieves
in this way the usual firing rule of vector addition systems with states.

4.4 $\Delta$-Parameterized Transition Systems

We proceed now with general definitions. Let $\Delta$ be a set of controls with a
distinguished element $\bullet \in \Delta$. For any set $Q$ let $\Delta \rightharpoonup Q$ be the set of all partial
functions $f$ from $\Delta$ to $Q$ such that $\bullet \in \mathcal{D}om(f)$. Note that the above assignment
becomes a covariant endofunctor on Set when for a total function $\sigma : Q \to Q'$
we put $(\Delta \rightharpoonup \sigma) f = \sigma \circ f$, for $f : \Delta \rightharpoonup Q$. Any $f : \Delta \rightharpoonup Q$ is called a reaction in
$Q$. Clearly, each reaction $f : \Delta \rightharpoonup Q$ is defined on $\bullet$, and $f_\bullet$ is called the source of
the reaction. Often in the sequel, notation $f_\delta$ is used in this way to denote $f(\delta)$,
and $\mathcal{I}m(f)$ and $\mathcal{D}om(f)$ are used to denote the respective range and domain of
$f$. Given two reactions $f, g : \Delta \rightharpoonup Q$ we say that $g$ extends $f$, notation $f \sqsubseteq g$,
when the graph of $f$ is included in the graph of $g$. That is, $\mathcal{D}om(f) \subseteq \mathcal{D}om(g)$
and $g|_{\mathcal{D}om(f)} = f$. Thus, $f \sqsubseteq g$ implies $f = g$ whenever $\mathcal{D}om(f) = \mathcal{D}om(g)$.

When a set of actions $A$ has been fixed, each pair $(f, a) \in (\Delta \rightharpoonup Q) \times A$
consisting of an action and a reaction is called a process in $Q$. The above partial
order on reactions extends to processes: $(f, a) \preceq (g, b)$ whenever $a = b$ and $f \sqsubseteq g$.

Definition 5 ($\Delta$-transition systems). A system of $\Delta$-parametric transitions,
or $\Delta$-transition system, is a structure $\mathcal{S} = (Q, A, T, \partial, \lambda)$ where $Q$ is a set of
states, $A$ is a set of actions, $T$ is a set of transitions, $\lambda : T \to A$ assigns to
each transition an action called its label, and $\partial : T \to (\Delta \rightharpoonup Q)$ assigns to each
transition a reaction in $Q$ called its effect. The components should satisfy the
following condition.

determinism: $\lambda t_1 = \lambda t_2$ and $(\partial t_1)_\bullet = (\partial t_2)_\bullet$ implies $t_1 = t_2$. (5)

$\mathcal{S}$ is complete if for all $q \in Q$, $a \in A$ there exists $t \in T$ s.t. $(\partial t)_\bullet = q \wedge \lambda t = a$.
$\mathcal{S}$ is reduced when $A = \mathcal{I}m(\lambda)$ and $Q = \bigcup\{\mathcal{I}m(\partial t) \mid t \in T\}$.
The idea of one process extending another can be applied to transitions, letting
$(f, a) \preceq t$ whenever $(f, a) \preceq (\partial t, \lambda t)$. Then, (5) is equivalent to: $t_1 = t_2$ whenever
there exists a process $(f, a)$ with $(f, a) \preceq t_1$ and $(f, a) \preceq t_2$. Condition (5) implies
that $\partial$ and $\lambda$ are jointly monic:

$\lambda t_1 = \lambda t_2$ and $\partial t_1 = \partial t_2$ implies $t_1 = t_2$.

This amounts to saying that the set $T$ of transitions of $\mathcal{S}$ is, essentially, a subset of
processes, while $\lambda$ and $\partial$ are the respective projections on actions and reactions.
In the sequel $\Delta$-transition systems are often presented in the more convenient
form $\mathcal{S} = (Q, A, T)$ where it is understood that $T \subseteq (\Delta \rightharpoonup Q) \times A$ and $\partial$ and $\lambda$
are the two projections. Clearly, each complete $\Delta$-transition system is reduced.

Given a $\Delta$-transition system $\mathcal{S}$ we write $Q$, $\lambda$, etc., to denote its set of states,
its labelling, and so on, respectively. Various sub-scripts and super-scripts are
carried over to the components, e.g., $T'$ denotes the set of transitions of $\mathcal{S}'$, etc.
We let $a, b$ range over $A$, $q$ range over $Q$, $t$ range over $T$, and $f, g$ range over
$\Delta \rightharpoonup Q$.



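Definition 6 ($\Delta$-transition systems morphisms). A morphism $\phi : \mathcal{S} \to \mathcal{S}'$
of $\Delta$-transition systems $\mathcal{S}$ and $\mathcal{S}'$ is a triple $\phi = (\sigma, \eta, \theta)$ where $\sigma : Q \to Q'$,
$\eta : A \to A'$ and $\theta : T \to T'$ satisfy the following condition.

$$
\begin{array}{ccccc}
A & \xleftarrow{\;\lambda\;} & T & \xrightarrow{\;\partial\;} & \Delta \rightharpoonup Q \\
{\scriptstyle \eta}\downarrow & & {\scriptstyle \theta}\downarrow & \preceq & \downarrow{\scriptstyle \Delta \rightharpoonup \sigma} \\
A' & \xleftarrow{\;\lambda'\;} & T' & \xrightarrow{\;\partial'\;} & \Delta \rightharpoonup Q'
\end{array}
$$

Formally, the (weak) commutativity of the diagram above means the following.

$(\sigma \circ (\partial t), \eta(\lambda t)) \preceq \theta t$. (6)

Thus, we insist that the transition $\theta t$ be an extension of the image via $(\sigma, \eta)$ of
the process induced by $t$.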

From (5) it follows that there is at most one extension per process. Thus, given
a morphism $(\sigma, \eta, \theta)$ the component $\theta$ is uniquely determined by $\sigma$ and $\eta$. The
definition of morphisms can be therefore restated as follows: a morphism is a
pair $(\sigma, \eta)$ such that there exists $\theta$ such that (6) holds.

Conversely, the components $\sigma$ and $\eta$ of a morphism are uniquely determined
by $\theta$ whenever the source of the morphism is reduced. Indeed, to see that in this
case $\sigma$ is determined by $\theta$ consider $q$ in $Q$. Then for some transition $t$ there exists
$\delta$ such that $q = (\partial t)_\delta$. Then, $\sigma \circ (\partial t) \preceq \partial'(\theta t)$ implies $\sigma q = (\sigma \circ (\partial t))_\delta = (\partial'(\theta t))_\delta$,
i.e., $\sigma q$ is determined by the value of $\theta$. Thus, the following holds.

$\Delta$-transition systems with their morphisms constitute a Set-category $\Delta$-TS.
The full subcategory of reduced $\Delta$-transition systems, denoted $\Delta$-TS°, is
concrete. The underlying functor $|\cdot| : \Delta\text{-TS} \to \text{Set}$ is given by $|(Q, A, T)| = T$ and

I I = 
4.5 Parameterized Nets and Their State Graphs

Nets over an arbitrary set $I$ of incidence values may be defined as follows.

Definition 7. A net over the set of incidence values $I$ is a triple $N = (P, A, F)$
where $P$ is a set of places, $A$ is a set of actions or events, and $F : P \times A \to I$ is
a flow matrix. $N$ is event simple whenever $(\forall x \in P)\ F(x,a) = F(x,b)$ implies
$a = b$. A morphism of nets $\phi : N \to N'$ is a pair $\phi = (\beta, \eta)$ where $\beta : P \to P'$
and $\eta : A' \to A$ are linked by the constraint: $F(p, \eta a') = F'(\beta p, a')$.

Nets over $I$ and their morphisms form a category Nets($I$) with the composition
of morphisms defined componentwise, and pairs of identity functions as identity
morphisms. It is a Set-category when $|N| = P$ and $|(\beta, \eta)| = \beta$. It has been
noticed in [2] that the full subcategory of event simple nets, denoted Nets°($I$),
is a concrete category. Now, in order to add some dynamic to the static view of
nets given so far, let us introduce types of behaviour for these nets, following [2].

Definition 8 (Types of nets). A complete (and hence reduced) $\Delta$-transition
system $\tau = (S, I, \tau)$ is called a type (of behaviour) for (all) nets in Nets($I$)
- notation: $\tau \in$ Types($I$).

Let $\tau = (S, I, \tau)$ as above, and let $P$ be a set. Consider a $P$-indexed family
$\mathcal{T} = \{t^p \in \tau \mid p \in P\}$ of transitions of $\tau$. Then, the synchronized product of the
transitions in $\mathcal{T}$, is a function $\bigwedge \mathcal{T} : \Delta \rightharpoonup S^P$ defined as follows.

$\mathcal{D}om(\bigwedge \mathcal{T}) = \bigcap\{\mathcal{D}om(\partial t^p) \mid p \in P\}$ and $(\bigwedge \mathcal{T})_\delta(p) = (\partial t^p)_\delta$.

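The following lemma shows that under suitable conditions the whole family can
be reconstructed from its synchronized product.

Lemma 4. Consider $\{t_1^p \mid p \in P\}, \{t_2^p \mid p \in P\} \subseteq \tau$ such that $\lambda t_1^p = \lambda t_2^p$, for all
$p \in P$. Then, $\bigwedge\{t_1^p \mid p \in P\} = \bigwedge\{t_2^p \mid p \in P\}$ implies $t_1^p = t_2^p$, for all $p \in P$.

Proof. Given $p \in P$, consider $t_1^p$ and $t_2^p$. Then,

$(\partial t_1^p)_\bullet = \bigwedge\{t_1^p \mid p \in P\}_\bullet(p) = \bigwedge\{t_2^p \mid p \in P\}_\bullet(p) = (\partial t_2^p)_\bullet$.

Thus, since $\lambda t_1^p = \lambda t_2^p$ by assumption, $t_1^p = t_2^p$ follows by (5). □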

Now we are ready to formulate the notion of the state graph of a net.

Definition 9 (State graphs relative to type). A state graph of a net $N = (P, A, F)$,
relative to type $\tau$ is the $\Delta$-transition system $SG(N, \tau) = (S^P, A, T)$
where $T \subseteq (\Delta \rightharpoonup S^P) \times A$ is defined as follows.

$(\xi, a) \in T$ iff $(\forall p \in P)(\exists t^p \in \tau)\ \lambda t^p = F(p, a) \wedge \xi = \bigwedge\{t^p \mid p \in P\}$ (7)

It should be now clear that the above definition captures the intuitions put
forward in Sect. 4.1, 4.2 and 4.3.
4.6 State Graphs as Duals of Nets

Given a type of nets $\tau = (S, I, \tau)$, we start now to show that $\tau$ can be turned
into a schizophrenic object $(\mathcal{K}_{\Delta\text{-TS}^\circ}, \mathcal{K}_{\text{Nets}^\circ(I)})$, providing a dual
adjunction between reduced $\Delta$-transition systems and event simple nets over $I$
(by Prop. ). We actually want more: we intend to show that the dual functors
obtained in this way capture, respectively, the construction of state graphs of
nets, and the realization of $\Delta$-transition systems via net synthesis. We go half
the way in this section, where we establish one of the two conditions imposed by
Def. 0 on schizophrenic objects, namely the existence in $\Delta$-TS° of initial lifts of
families of maps $ev_p$ evaluating net morphisms from an event simple net $N$ to
$\mathcal{K}_{\text{Nets}^\circ(I)}$ at corresponding places $p$ of $N$.

By definition, a type of nets $\tau = (S, I, \tau)$ is a complete, and therefore
reduced, $\Delta$-transition system. Thus we take $\mathcal{K}_{\Delta\text{-TS}^\circ} = \tau$. The underlying set $\tau$ of
transitions of $\mathcal{K}_{\Delta\text{-TS}^\circ}$ may at the same time be considered as the underlying set
of a net $\mathcal{K}_{\text{Nets}^\circ(I)} = (\tau, \{enabled\}, \mathbb{F})$ over $I$, where $\mathbb{F}(t, enabled) = \lambda t$. This
net with a single event is obviously event simple. Our first observation is that
for any $N$, the homset Nets$(N, \mathcal{K}_{\text{Nets}^\circ(I)})$ represents the set of transitions of
the state graph of $N$.

Lemma 5. There is a bijection between Nets$(N, \mathcal{K}_{\text{Nets}^\circ(I)})$ and $|SG(N, \tau)|$.

Proof. Consider a net morphism $(\beta, \eta) : N \to \mathcal{K}_{\text{Nets}^\circ(I)}$. By construction of
$\mathcal{K}_{\text{Nets}^\circ(I)}$ it follows that $\{\beta p \mid p \in P\}$ is a family of transitions of $\tau$. Put
$a = \eta(enabled)$. Then, $F(p, a) = F(p, \eta(enabled)) = \mathbb{F}(\beta p, enabled) = \lambda\beta p$
follows, since $(\beta, \eta)$ is a net morphism. Thus, by definition, $(\bigwedge\{\beta p \mid p \in P\}, a)$ is
a transition of $SG(N, \tau)$. Conversely, any transition $(f, a)$ of $SG(N, \tau)$ is
determined by a $P$-indexed family of transitions of $\tau$ satisfying (7). So, given such
a family $\{t^p \in \tau \mid p \in P\}$ we can define $(\beta, \eta)$ by $\eta(enabled) = a$ and $\beta p = t^p$.
Then, clearly, $(\beta, \eta) : N \to \mathcal{K}_{\text{Nets}^\circ(I)}$ is a morphism in Nets. Moreover, by
lemma 4 it follows that there can be only one such family of transitions. Thus,
the definition of $(\beta, \eta)$ is unambiguous. Finally, by lemma 4 the correspondence
is bijective. □

The above observation paves the way to the following result, showing one of the 
two conditions in Def. El 

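Proposition 2. Let $N$ be an event simple net in Nets°($I$), and let $\tau = (S, I, \tau)$
be a type for $N$. The family of evaluation maps $(ev_p : \text{Nets}(N, \mathcal{K}_{\text{Nets}^\circ(I)}) \to
|\mathcal{K}_{\text{Nets}^\circ(I)}|)_{p \in P}$ defined by $ev_p(\beta, \eta) = \beta p$ has an initial lift in $\Delta$-TS°, and this
initial lift is isomorphic to $SG(N, \tau)$.

Proof. Let $\mathcal{S}$ = , Nets$(N, \mathcal{K}_{\text{Nets}^\circ(I)})$, $\partial$, where $\partial$ and $\lambda$ are defined as
follows:

(8)

$\lambda(\beta, \eta) = (F(p, \eta(enabled)))_{p \in P}$ (9)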
Then, $\mathcal{S}$ is a $\Delta$-transition system. Moreover, for each $p \in P$ the pair of
projections: $\pi_p$ : → $S$ and $\varpi_p$ : → $I$ together with $ev_p$ constitute a
morphism $\phi_p = (\pi_p, \varpi_p, ev_p) : \mathcal{S} \to \tau$. This follows from the observation that
$\pi_p \circ (\bigwedge\{\beta p \mid p \in P\}) \preceq \partial(\beta p)$ for all $p$ in $P$. First, let us verify that $\mathcal{S}$ and
the $\phi_p$'s ($p \in P$) constitute an initial lift of the $ev_p$'s ($p \in P$) in the
category of $\Delta$-transition systems. Indeed, let $\mathcal{S}' = (Q', A', T', \partial', \lambda')$ be another
$\Delta$-transition system, and assume there is given a $P$-indexed family of
morphisms $\phi'_p = (\sigma'_p, \eta'_p, \theta'_p) : \mathcal{S}' \to \tau$ and a function $\theta' : T' \to \text{Nets}(N, \mathcal{K}_{\text{Nets}^\circ(I)})$
such that $\theta'_p = ev_p \circ \theta'$ for all $p \in P$. It follows from the universal
properties of products that there exist unique $\sigma'$ : $Q'$ → and $\eta'$ : $A'$ →
such that $\sigma'_p = \pi_p \circ \sigma'$ and $\eta'_p = \varpi_p \circ \eta'$. Using the characteristic property
of net morphisms and the definition of $F$, one can moreover establish the
relation $\varpi_p \circ \lambda \circ \theta'(t') = \varpi_p \circ \eta' \circ \lambda'(t')$. Again from the universal properties of
products it follows that $\eta' \circ \lambda' = \lambda \circ \theta'$. The remaining part of (6) follows from
the following observation, where $(\sigma'_p)_{p \in P}$ : $Q'$ → is the mediating morphism.

$(\sigma'_p)_{p \in P} \circ (\partial' t') \preceq \bigwedge\{ev_p(\theta' t') \mid p \in P\}$

Thus, $\phi' = (\sigma', \eta', \theta') : \mathcal{S}' \to \mathcal{S}$ is a morphism of $\Delta$-transition systems and $\mathcal{S}$ is a
lift of the family of maps $ev_p$. Since there are no alternative choices for $\sigma'$ and
$\eta'$, the lift obtained is actually an initial lift $N^*$ of the considered maps. Finally,
by lemma 5 the transitions of $SG(N, \tau)$ are in bijective correspondence with
morphisms in Nets$(N, \mathcal{K}_{\text{Nets}^\circ(I)})$. Therefore, $N^*$ is isomorphic to the initial lift
of $(ev_p : |SG(N, \tau)| \to \tau)_{p \in P}$ where $ev_p((f, a)) = (f^p, F(p, a))$, with $f^p : \Delta \rightharpoonup S$
given by evaluation of $f$ at $p$, i.e., $(f^p)_\delta = f_\delta\, p$. It follows from (9) that $\mathcal{I}m(\lambda)$ is
in bijection with $A$ since $N$ is event simple. On the other hand, it follows from
the assumption that $\tau$ is complete that both $\mathcal{S}$ and $SG(N, \tau)$ are complete, so
every state in is the source of some transition in both systems. Therefore,
$N^* \cong SG(N, \tau)$, as required. Finally, $N^*$ is reduced since it is complete, hence
it is the initial lift of the $ev_p$'s in $\Delta$-TS°, as required. □



Remark 1. For any net $N$ in the larger category Nets($I$), the above proof shows
that $N^*$ is the initial lift of the evaluation maps $ev_p$ in the category $\Delta$-TS.

Remark 2. We could in fact establish a more general result. Namely, we could
prove that the category of $\Delta$-transition systems admits lifts of arbitrary jointly
monic structured sources, cf. [2, Prop. 12].

4.7 Synthesized Nets as Duals of Systems of $\Delta$-Transitions

We will now show that arbitrary structured sources have initial lifts in Nets°($I$).
Hence, in particular, the family of maps $ev_t$, for $t \in T$, each map $ev_t$ evaluating
$\Delta$-transition system morphisms from $\mathcal{S}$ to $\mathcal{K}_{\Delta\text{-TS}^\circ}$ at $t$, has an initial lift, and
$\mathcal{K} = (\mathcal{K}_{\Delta\text{-TS}^\circ}, \mathcal{K}_{\text{Nets}^\circ(I)})$ is a schizophrenic object (Def. 0). The dual $\mathcal{S}^*$ of a
reduced $\Delta$-transition system $\mathcal{S}$ in the resulting adjunction is the net version of $\mathcal{S}$
with places defined as regions of $\mathcal{S}$ and with events defined as equivalence classes
of actions of $\mathcal{S}$ that cannot be distinguished by regions of $\mathcal{S}$.

Proposition 3. The categories Nets($I$), and Nets°($I$) have initial lifts.

Proof. (i) The category Nets($I$) has initial lifts.

Let $(P_i, A_i, F_i)$ be a family of nets, together with a corresponding family of
mappings $\beta_i : P \to P_i$. The initial structure of net on the set $P$ is defined as
follows. The set of events is the coproduct $A = \coprod_i A_i$ with the associated injections
$in_i : A_i \to A$. The incidence matrix $F : P \times A \to I$ is the "coproduct" of the
matrices $F_i$, in the sense that

$\forall x \in P\ \forall a_i \in A_i \quad F(x, in_i(a_i)) = F_i(\beta_i x, a_i)$

Therefore, each $(\beta_i, in_i)$ is a morphism of nets from $(P, A, F)$ to $(P_i, A_i, F_i)$. We
now verify that this family of morphisms satisfies the required universal
property. Let $\{(\beta'_i, \eta'_i) : (P', A', F') \to (P_i, A_i, F_i)\}$ be another family of morphisms for
which there exists a mapping $\beta : P' \to P$ such that $\forall i\ \beta'_i = \beta_i \circ \beta$. We have to
prove that there exists a unique morphism $(\beta, \eta) : (P', A', F') \to (P, A, F)$ such
that $(\beta'_i, \eta'_i) = (\beta_i, in_i) \circ (\beta, \eta)$. If a solution exists, it is necessarily unique since,
due to the coproduct structure of the family $\{in_i : A_i \to A\}_i$, the mapping $\eta$ is
fully characterized by the equations $\eta'_i = \eta \circ in_i$. We just have to check that the
pair of mappings $(\beta, \eta)$ is indeed a morphism of nets. Given $a \in A$ and $x' \in P'$,
there exists a (unique) pair $(i, a_i)$ with $a_i \in A_i$ and $a = in_i(a_i)$. Now, $F'(x', \eta(a))
= F'(x', \eta'_i(a_i)) = F_i(\beta'_i(x'), a_i) = F_i(\beta_i \circ \beta(x'), a_i) = F(\beta(x'), in_i(a_i)) = F(\beta(x'), a)$,
as required.

(ii) The category Nets°($I$) has initial lifts.

Let $(P_i, A_i, F_i)$ be a family of nets in Nets°($I$), together with a corresponding
family of mappings $\beta_i : P \to P_i$. The initial structure of a net on the set $P$ is
defined in two stages. First, as above, we define the net $(P, A, F)$ where $A = \coprod_i A_i$
with injections $in_i : A_i \to A$ and $\forall x \in P\ \forall a_i \in A_i\ F_i(\beta_i x, a_i) = F(x, in_i(a_i))$. It is
generally not an object of Nets°($I$), we thus define the following equivalence
relation on $A$

$a \equiv b$ iff $\forall x \in P\ F(x, a) = F(x, b)$

We let $A_\equiv$ be the set of equivalence classes, with $\pi : A \to A_\equiv$ as the quotient
map, and we let $F_\equiv : P \times A_\equiv \to I$ be characterized by

$\forall x \in P\ \forall a \in A \quad F_\equiv(x, \pi(a)) = F(x, a)$

Hence $(P, A_\equiv, F_\equiv)$ is an object of Nets°($I$) and the pairs $(\beta_i, \pi \circ in_i)$ are
morphisms of nets as composite of two morphisms $(P, A_\equiv, F_\equiv) \to (P, A, F) \to
(P_i, A_i, F_i)$. We now verify that this family of morphisms satisfies the required
universal property in the category Nets°($I$). Let $\{(\beta'_i, \eta'_i) : (P', A', F') \to (P_i, A_i, F_i)\}$
be another family of morphisms in Nets°($I$) for which there exists a mapping
$\beta : P' \to P$ such that $\forall i\ \beta'_i = \beta_i \circ \beta$. By initiality of the lift $\{(P, A, F) \to (P_i, A_i,
F_i)\}$, we know there exists a unique mapping $\eta : A \to A'$ such that $(\beta, \eta)$ is a
morphism of nets and $\forall i\ (\beta'_i, \eta'_i) = (\beta_i, in_i) \circ (\beta, \eta)$. Let $s : A_\equiv \to A$ be an arbitrary
section of $\pi$, i.e. $\pi \circ s = 1_{A_\equiv}$. As $(1, s) : (P, A, F) \to (P, A_\equiv, F_\equiv)$ is a morphism of nets,
so is $(\beta, \eta \circ s)$ from $(P', A', F')$ to $(P, A_\equiv, F_\equiv)$. In order to check $\eta'_i = (\eta \circ s) \circ (\pi \circ
in_i)$ we use the fact that $(P', A', F')$ is an object of Nets°($I$) and notice that $\forall a_i
\in A_i$ and $\forall x \in P'$ one has

$= F_i(\beta_i \circ \beta(x), a_i)$ since $\beta'_i = \beta_i \circ \beta$

$= F(\beta(x), in_i(a_i))$ by $(\beta_i, in_i) : (P, A, F) \to (P_i, A_i, F_i)$

$= F_\equiv(\beta(x), \pi \circ in_i(a_i))$ by $(1, \pi) : (P, A_\equiv, F_\equiv) \to (P, A, F)$

$= F(\beta(x), s \circ \pi \circ in_i(a_i))$ by $(1, s) : (P, A, F) \to (P, A_\equiv, F_\equiv)$

$= F'(x, \eta \circ s \circ \pi \circ in_i(a_i))$ by $(\beta, \eta) : (P', A', F') \to (P, A, F)$

We now assume there exists another mapping $\tilde\eta : A_\equiv \to A'$ sharing with $\eta \circ s$ the
two following conditions: (i) $(\beta, \tilde\eta)$ is a morphism of nets from $(P', A', F')$ to
$(P, A_\equiv, F_\equiv)$ and (ii) $\eta'_i = \tilde\eta \circ (\pi \circ in_i)$. Then $\tilde\eta = \eta \circ s$ because for every element
$a \in A_\equiv$ there exists a pair $(i, a_i)$ where $a_i \in A_i$ and $a = \pi \circ in_i(a_i)$ and thus $\tilde\eta(a) =
\tilde\eta \circ \pi \circ in_i(a_i) = \eta \circ s \circ \pi \circ in_i(a_i) = \eta \circ s(a)$. □



Remark 3. The family of morphisms $\{(P, A_\equiv, F_\equiv) \to (P, A, F)\}$ where $(P, A, F)$
ranges over all objects of Nets($I$), constitutes a concrete coreflection of Nets($I$)
into Nets°($I$). We shall denote $N^\circ$ the coreflection of a net $N$, i.e. the
event-simple net associated with $N$. This general construction will serve soon to
synthesize nets from regions.

At this stage, we have proven that $\mathcal{K} = (\mathcal{K}_{\Delta\text{-TS}^\circ}, \mathcal{K}_{\text{Nets}^\circ(I)})$ is a schizophrenic
object between the respective categories $\Delta$-TS° and Nets°($I$) of reduced
$\Delta$-transition systems and event simple nets, and also between the larger categories
$\Delta$-TS and Nets($I$) (by remark 1). Hence, by Prop.m one has dual adjunctions:

$\Delta\text{-TS}^\circ(\mathcal{S}, N^*) \cong \text{Nets}^\circ(I)(N, \mathcal{S}^*)$

$\Delta\text{-TS}(\mathcal{S}, N^*) \cong \text{Nets}(I)(N, \mathcal{S}^*)$

We examine further the former adjunction in the rest of this section, and refine 
the latter into a Galois connection in the next section. 

Proposition 4. Let $\tau = (S, I, \tau)$ be a type of nets, and let $\mathcal{S} = (Q, A, T)$ be
a reduced $\Delta$-transition system. The dual $\mathcal{S}^*$ of $\mathcal{S}$ w.r.t. the schizophrenic object
is isomorphic to the net $(P, A_\equiv, F_\equiv)$ with the set of places $P = \Delta\text{-TS}^\circ(\mathcal{S}, \tau)$
- the morphisms in $P$ are called the regions of $\mathcal{S}$ - and with the other components
derived as follows from the application $F : P \times A \to I$ given by $F((\sigma, \eta), a) = \eta(a)$:
$A_\equiv$ is the quotient of $A$ by the equivalence relation

$a \equiv b$ iff $\forall x \in P\ F(x, a) = F(x, b)$

and $F_\equiv : P \times A_\equiv \to I$ is the map induced from $F$ by this quotient.

Proof. By Prop. 3, $\mathcal{S}^* = (P, E, F)^\circ$ is the event-simple net associated with the
net whose places are the regions of $\mathcal{S}$ (i.e. $P = \Delta\text{-TS}^\circ(\mathcal{S}, \tau)$), with set of events
$E = \coprod_{t \in T}\{*\}$, with flow matrix $F : \Delta\text{-TS}^\circ(\mathcal{S}, \tau) \times T \to I$ given "by
evaluation on events" (i.e. $F((\sigma, \eta), q \xrightarrow{a} q') = \eta(a)$). Hence $\mathcal{S}^* = (P, T_\equiv, F_\equiv)$
where $\equiv$ is the equivalence relation given by

$(q_1 \xrightarrow{a_1} q'_1) \equiv (q_2 \xrightarrow{a_2} q'_2)$ iff $(\forall (\sigma, \eta) : \mathcal{S} \to \tau)\ \eta(a_1) = \eta(a_2)$

Since there exists at least one transition labelled by each event ($\mathcal{S}$ is reduced),
the alphabet $E_\equiv$ is a quotient of the alphabet of $\mathcal{S}$ where two events are identified
if and only if they are indistinguishable by all regions of $\mathcal{S}$. □



4.8 Galois Connection Derived from the Dual Adjunction 
Using Separation Axioms 

We plan to show here that the dual adjunction between $\Delta$-transition systems
and nets, induced by the type of nets seen as a schizophrenic object, may be
turned into a Galois connection by imposing on $\Delta$-transition systems adequate
separation axioms. More precisely, the above will be done within the framework
of initialized $\Delta$-transition systems and nets. By associating an initial state with a
$\Delta$-transition system we arrive at a $\Delta$-automaton. Similarly, associating an initial
marking with a net results in a net system. The separation axioms should tell us
why a $\Delta$-automaton satisfying these axioms is isomorphic to the state graph of
some net system. Justifications are given in terms of regions of $\Delta$-automata, seen
as potential places of the unknown net system. The separation axioms require
that regions explain why events (resp. states) differ from one another, and why
$\Delta$-parameterized actions are partially defined at each state.

Before $\Delta$-automata and net systems are formally introduced, let us fix
notation. In a deterministic $\Delta$-transition system $\mathcal{S} = (Q, A, T)$, let $q \xrightarrow{a}_\delta q'$ for
$q, q' \in Q$ and $\delta \in \Delta$, if there exists a transition $t = (f, a)$ in $T$ such that $q = f_\bullet$
and $q' = f_\delta$. Such a transition $t$, if it exists, is unique due to determinism of $\mathcal{S}$.
Hence, the state $q'$ is uniquely determined by: the state $q$, action $a$, and
parameter $\delta$. State $q'$ is said to be accessible from $q$ if $q \xrightarrow{*} q'$ where $\xrightarrow{*}$ is the reflexive
and transitive closure of the immediate accessibility relation $\to\ = \bigcup_{a, \delta} \xrightarrow{a}_\delta$.

From now on let $\tau = (S, I, \tau)$ be a fixed type of nets in $\Delta$-TS, inducing a
dual adjunction $\Delta\text{-TS}(\mathcal{S}, N^*) \cong \text{Nets}(I)(N, \mathcal{S}^*)$ between $\Delta$-transition systems
and nets over $I$.

Definition 10 ($\Delta$-automaton). A $\Delta$-automaton $\mathcal{A}$ consists of a deterministic
and complete $\Delta$-transition system $\mathcal{S} = (Q, A, T)$ and an initial state $q_0 \in Q$. It is
assumed that every state in $Q$ is accessible from $q_0$. A morphism of $\Delta$-automata
$(\sigma, \eta) : (\mathcal{S}, q_0) \to (\mathcal{S}', q'_0)$ is a morphism $(\sigma, \eta) : \mathcal{S} \to \mathcal{S}'$ of the underlying
$\Delta$-transition systems, such that $\sigma q_0 = q'_0$ (preservation of the initial state).

$\Delta$-automata and their morphisms form a category, denoted Aut in the sequel.
Definition 11 (Net system). A net system $\mathcal{N}$ over $I$ consists of a net $N =
(P, A, F)$ over $I$ and an initial marking $M_0 : P \to S$. A morphism of net systems
$(\beta, \eta) : (N, M_0) \to (N', M'_0)$ is a morphism (of nets) $(\beta, \eta) : N \to N'$ such that
$M_0 = M'_0 \circ \beta$ (preservation of the initial marking).

Net systems over $I$ and their morphisms form a category denoted NetSys.

Definition 12 (Dual of a Net System). The dual of a net system $\mathcal{N}$ with
initial marking $M_0$ is the $\Delta$-automaton $\mathcal{N}^* = (N^* \downarrow M_0, M_0)$ where $N^* \downarrow M_0$ is
the induced restriction of the (complete) $\Delta$-transition system $N^*$ on the subset
of all states that coincide with markings accessible from $M_0$ in $N$.

Definition 13 (Dual of a $\Delta$-automaton). The dual of a $\Delta$-automaton $\mathcal{A} =
(\mathcal{S}, q_0)$ is the net system $\mathcal{A}^* = (\mathcal{S}^*, M_0)$ with the initial marking given by $M_0(p) =
\sigma(q_0)$ for every place $p = (\sigma, \eta)$ of $\mathcal{S}^*$, i.e., for every region $(\sigma, \eta) \in \Delta\text{-TS}(\mathcal{S}, \tau)$.

Let $\mathcal{R} = \Delta\text{-TS}(\mathcal{S}, \tau)$ denote in the sequel the set of regions of $\mathcal{S}$.

Proposition 5. The dual adjunction between $\Delta$-transition systems and nets
induces a dual adjunction between $\Delta$-automata and net systems. A $\Delta$-automaton
$\mathcal{A} = (\mathcal{S}, q_0)$ is isomorphic to its double dual $\mathcal{A}^{**}$ if and only if the following
axioms of separation are satisfied in $\mathcal{S} = (Q, A, T)$.

ESP Event Separation Property:

$a \neq a'$ implies $\exists R = (\sigma, \eta) \in \mathcal{R} \quad \eta(a) \neq \eta(a')$

i.e., region $R$ separates events $a$ and $a'$.

SSP State Separation Property:

$q \neq q'$ implies $\exists R = (\sigma, \eta) \in \mathcal{R} \quad \sigma(q) \neq \sigma(q')$

i.e., region $R$ separates states $q$ and $q'$.

ESSP Event/State Separation Property:

$q \overset{a}{\nrightarrow}_\delta$ implies $\exists R = (\sigma, \eta) \in \mathcal{R} \quad \sigma(q) \overset{\eta(a)}{\nrightarrow}_\delta$

i.e., region $R$ inhibits action $a$ at state $q$ for parameter $\delta$.

Proof. Let $\mathcal{N} = (N, M_0) = (P, A, F, M_0)$ be a net system and let $\mathcal{A} = (\mathcal{S}, q_0)$ be
a $\Delta$-automaton. Since $\mathcal{S}$ is accessible, and since, by definition, every state of $\mathcal{N}^*$
is accessible from $M_0$, a morphism $f : \mathcal{A} \to \mathcal{N}^*$ is just the morphism $f : \mathcal{S} \to N^*$
such that $f(q_0) = M_0$ - where we write $f(q) = \sigma(q)$ for $f = (\sigma, \eta)$. From
Prop.n these morphisms of $\Delta$-transition systems are in bijective correspondence
with the morphisms of nets $f^\sharp : N \to \mathcal{S}^*$ such that $f^\sharp(p)(q_0) = M_0(p)$ for all
$p \in P$ - where we write $f^\sharp(p) = \beta(p)$ for $f^\sharp = (\beta, \eta)$ and $f(q) = \sigma(q)$ for
$f = \beta(p) = (\sigma, \eta)$ in $\Delta\text{-TS}(\mathcal{S}, \tau)$. Hence the morphisms $f : \mathcal{A} \to \mathcal{N}^*$ are in
bijective correspondence with the morphisms $f^\sharp : \mathcal{N} \to \mathcal{A}^*$ and we have obtained
a derived adjunction Aut$(\mathcal{A}, \mathcal{N}^*) \cong$ NetSys$(\mathcal{N}, \mathcal{A}^*)$ between $\Delta$-automata and
net systems. The evaluation map $Ev_{\mathcal{A}} : \mathcal{A} \to \mathcal{A}^{**}$ represents each state $q \in Q$
by a vector of local states $(\sigma(q); R = (\sigma, \eta) \in \mathcal{R})$, each event $a \in A$ by a vector
of local events $(\eta(a); R = (\sigma, \eta) \in \mathcal{R})$, and each transition $t = (f, a)$ by a vector
of local transitions $((\sigma \circ f, \eta(a)); R = (\sigma, \eta) \in \mathcal{R})$. Owing to the property of
completeness of $\Delta$-automata, this map is an isomorphism of $\Delta$-automata if and
only if all three separation axioms are satisfied. □

Notice that the derived dual adjunction between $\Delta$-automata and net systems
is no longer induced by a schizophrenic object. Following 0 , one could in fact
construct a dual adjunction between $\Delta$-automata and net systems based on a
schizophrenic object. For this, it would be necessary to replace initial markings
with forward closed sets of markings as was done in 0 and worse, to include
some partial markings in the present context of $\Delta$-automata. We prefer to stick
here to constructions with more intuitive contents. As shown in the proof of the
next proposition, places of a net system induce regions of its state graph that
suffice to guarantee the validity of the separation axioms SSP and ESSP. They
do not suffice in general to guarantee the validity of the axiom ESP. Thus, the
evaluation map $Ev_{\mathcal{N}}$ is not always an isomorphism of net systems, and the dual
adjunction we have obtained is not a Galois connection. Next proposition, put
together with Prop. 5 shows that $Ev_{\mathcal{N}^*}$ : $\mathcal{N}^*$ → is an isomorphism of
$\Delta$-automata iff the reachable state graph of $\mathcal{N}$ enjoys separation of events.

Proposition 6. A $\Delta$-automaton that satisfies axiom ESP is isomorphic to the
reachable state graph of a net system iff it satisfies axioms SSP and ESSP.

Proof. The condition is sufficient by the preceding proposition. To show that it
is necessary, suppose that $\mathcal{A}$ is a $\Delta$-automaton with separated events and that it
is isomorphic to the reachable state graph $\mathcal{N}^*$ of some net system $\mathcal{N}$. We show
that regions of $\mathcal{N}^*$ derived from places of $\mathcal{N}$ suffice to guarantee that axioms
SSP and ESSP are valid in $\mathcal{A} \cong \mathcal{N}^*$. Let $q_1$ and $q_2$ be distinct states of $\mathcal{A}$.
The associated markings $M_1$ and $M_2$ of $\mathcal{N}$ must differ on some place $p$ of $\mathcal{N}$. By
composing the isomorphism on the right of the region $(\sigma, \eta)$ induced by $p$ (such
that $\sigma(M) = M(p)$ and $\eta(a) = F(p, a)$ for $N = (P, A, F)$), one obtains a region
of $\mathcal{A}$ that separates $q_1$ and $q_2$. Suppose now that $q \overset{a}{\nrightarrow}_\delta$ in $\mathcal{A}$, then $M \overset{a}{\nrightarrow}_\delta$ in $\mathcal{N}^*$
where $M$ is the marking of $\mathcal{N}$ associated with $q$. Hence there must exist some
place $p$ of $\mathcal{N}$ such that $M(p) \overset{F(p,a)}{\nrightarrow}_\delta$ in $\tau$. By composing the isomorphism on the
right of the region $(\sigma, \eta)$ induced by $p$, one obtains a region of $\mathcal{A}$ that inhibits
action $a$ at state $q$ for parameter $\delta$. □

Proposition 7. Consider a $\Delta$-automaton $\mathcal{A} = (Q, A, T, q_0)$ that satisfies
axioms SSP and ESSP. Then $\mathcal{A}$ satisfies axiom ESP if it has no redundant
events, meaning: $a \neq a'$ implies $\{f \mid (f, a) \in T\} \neq \{f \mid (f, a') \in T\}$.

Proof. Let $a_1 \neq a_2$ be distinct events, then by the assumption of non redundancy
of events, in view of the property of completeness of $\Delta$-automata, there exist
transitions $(f_1, a_1) \in T$ and $(f_2, a_2) \in T$ such that $(f_1)_\bullet = (f_2)_\bullet = q$ and
$(f_1)_\delta \neq (f_2)_\delta$ for some $\delta \in \Delta$. We proceed with case analysis. If $(f_1)_\delta$ and $(f_2)_\delta$
are both defined, set $q_1 = (f_1)_\delta$ and $q_2 = (f_2)_\delta$; by separation of states, there
exists a region $(\sigma, \eta)$ of $\mathcal{A}$ such that $\sigma(q_1) \neq \sigma(q_2)$; now $\sigma(q) \xrightarrow{\eta(a_1)}_\delta \sigma(q_1)$ and
$\sigma(q) \xrightarrow{\eta(a_2)}_\delta \sigma(q_2)$; it follows by determinism that $\eta(a_1) \neq \eta(a_2)$, hence region
$(\sigma, \eta)$ separates $a_1$ and $a_2$. If one of the $(f_i)_\delta$ is undefined, e.g. $(f_1)_\delta$ is undefined
while $(f_2)_\delta$ is defined, then by event/state separation, there exists some region
$(\sigma, \eta)$ of $\mathcal{A}$ such that $\sigma(q) \overset{\eta(a_1)}{\nrightarrow}_\delta$ while $\sigma(q) \xrightarrow{\eta(a_2)}_\delta q_2$ for some $q_2$; hence $\eta(a_1) \neq
\eta(a_2)$ and $(\sigma, \eta)$ separates $a_1$ and $a_2$. □

Thus, if we require that $\Delta$-automata have no redundant events, and if we force
the identification of redundant events when computing the dual of a net system,
then the dual adjunction between $\Delta$-automata and net systems becomes a Galois
connection. This is obtained by composition with the coreflection that embeds
automata without redundant events into arbitrary automata. Therefore, given a
non-redundant $\Delta$-automaton $\mathcal{A}$, the following three conditions are equivalent.

1. $\mathcal{A}$ satisfies the separation axioms SSP and ESSP.

2. $\mathcal{A}$ is isomorphic to the dual of some net system.

3. $\mathcal{A}$ is isomorphic to its double dual.
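
The following added example (not from the original text) builds the reachable state graph of a small net by synchronized products of type transitions (Definition 9), enumerates its regions as morphisms into the type, and checks the three separation axioms of Proposition 5. It assumes $\Delta = \{\bullet, 1\}$ and the type of elementary nets (local states 0/1, labels nop/produce/consume), neither of which is fixed by this section; all function and variable names are hypothetical.

```python
from itertools import product

BULLET = "•"  # distinguished control; f[BULLET] is the source of a reaction f

def complete_system(states, actions, controls, arrows):
    """One process (reaction f, action a) per (q, a): a complete, deterministic
    Δ-transition system. arrows[(q, a, d)] = q' wherever a is defined at q for d."""
    return {(q, a): {BULLET: q, **{d: arrows[(q, a, d)]
                                   for d in controls if (q, a, d) in arrows}}
            for q in states for a in actions}

# Assumed type of nets (elementary nets): local states {0, 1}, Δ = {•, 1}.
CONTROLS = (1,)
TYPE_STATES = (0, 1)
TYPE_LABELS = ("nop", "produce", "consume")
TYPE = complete_system(TYPE_STATES, TYPE_LABELS, CONTROLS, {
    (0, "nop", 1): 0, (1, "nop", 1): 1,
    (0, "produce", 1): 1, (1, "consume", 1): 0})

def reachable_state_graph(places, events, F, m0):
    """Definition 9 restricted to markings reachable from m0: the transition at
    marking M labelled a is the synchronized product of the type transitions
    with source M(p) and label F(p, a), defined where all of them are defined."""
    seen, todo, arrows = {m0}, [m0], {}
    while todo:
        m = todo.pop()
        for a in events:
            local = [TYPE[(m[i], F[(p, a)])] for i, p in enumerate(places)]
            for d in CONTROLS:
                if all(d in f for f in local):
                    m2 = tuple(f[d] for f in local)
                    arrows[(m, a, d)] = m2
                    if m2 not in seen:
                        seen.add(m2)
                        todo.append(m2)
    return sorted(seen), arrows

def regions(states, actions, T):
    """All morphisms (sigma, eta) from the system T to TYPE, i.e. condition (6):
    the type transition at (sigma(q), eta(a)) extends sigma∘f for each (f, a)."""
    found = []
    for sv in product(TYPE_STATES, repeat=len(states)):
        sigma = dict(zip(states, sv))
        for ev in product(TYPE_LABELS, repeat=len(actions)):
            eta = dict(zip(actions, ev))
            if all(TYPE[(sigma[q], eta[a])].get(d) == sigma[f[d]]
                   for (q, a), f in T.items() for d in f):
                found.append((sigma, eta))
    return found

def separation(states, actions, arrows):
    """Return (ESP, SSP, ESSP) for the automaton given by its defined arrows."""
    T = complete_system(states, actions, CONTROLS, arrows)
    R = regions(states, actions, T)
    esp = all(any(eta[a] != eta[b] for _, eta in R)
              for a in actions for b in actions if a != b)
    ssp = all(any(s[p] != s[q] for s, _ in R)
              for p in states for q in states if p != q)
    # ESSP: wherever a is undefined at q for d, some region forbids it locally.
    essp = all(any(d not in TYPE[(s[q], eta[a])] for s, eta in R)
               for (q, a), f in T.items() for d in CONTROLS if d not in f)
    return esp, ssp, essp

# Constructed sample net: two independent events, each consuming its own token.
PLACES, EVENTS = ("p1", "p2"), ("a", "b")
FLOW = {("p1", "a"): "consume", ("p1", "b"): "nop",
        ("p2", "a"): "nop", ("p2", "b"): "consume"}
DIAMOND_STATES, DIAMOND_ARROWS = reachable_state_graph(PLACES, EVENTS, FLOW, (1, 1))

# Constructed counter-example: a fires twice in a row, q0 -a-> q1 -a-> q2.
CHAIN_STATES = ("q0", "q1", "q2")
CHAIN_ARROWS = {("q0", "a", 1): "q1", ("q1", "a", 1): "q2"}

if __name__ == "__main__":
    print("diamond:", separation(DIAMOND_STATES, EVENTS, DIAMOND_ARROWS))
    print("chain:  ", separation(CHAIN_STATES, ("a",), CHAIN_ARROWS))
```

The state graph of the sample net satisfies all three axioms, as Proposition 6 predicts for a reachable state graph with separated events; the chain has only constant regions labelled nop, so SSP and ESSP fail and it is not the state graph of any net system over this assumed type.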

4.9 Order Theoretic Galois Connection between $\Delta$-Automata
and Net Systems

We present in this section an alternative, order-theoretic Galois connection
between $\Delta$-automata and net systems over a fixed set of events. The new Galois
connection coincides up to the identification of isomorphic $\Delta$-automata with the
earlier Galois connection between categories of $\Delta$-automata and net systems,
when the latter Galois connection is restricted to event separated $\Delta$-automata.
The complete symmetry of the dual constructions of state graphs and
synthesized nets, which is a strong point of the categorical Galois connection, is lost in
this alternative setting: state graphs of nets appear no longer as lifted versions of
hom-sets. This loss of symmetry is balanced by mathematical simplicity, which
is a strong point of the order theoretic Galois connection.

Given a fixed set of actions $A$ and a fixed type of nets $\tau$, we are thus looking
for an order-theoretic Galois connection

$\mathcal{A} \leq \mathcal{N}^*$ iff $\mathcal{N} \leq \mathcal{A}^*$

between $\Delta$-automata $\mathcal{A} = (Q, A, T, q_0)$ and net systems $\mathcal{N} = (P, A, F, M_0)$,
where $\mathcal{N}^*$ is the reachable state graph of $\mathcal{N}$ induced by the type $\tau$ and $\mathcal{A}^*$ is the
net version of $\mathcal{A} = (\mathcal{S}, q_0)$ with places defined as morphisms $(\sigma, \eta) \in \Delta\text{-TS}(\mathcal{S}, \tau)$
(regions of $\mathcal{A}$ w.r.t. the type $\tau$). The main point now is to equip $\Delta$-automata
and net systems with order relations induced by adequate morphisms.
To start with, we turn the whole family^ of $\Delta$-automata over $A$ into a skeletal
category Aut where all isomorphic $\Delta$-automata are identified, and so the whole
class can be represented by an arbitrary single representative $\mathcal{A} = (Q, A, T, q_0)$. A
similar construction of a skeletal category is more thoroughly described later on
in section . Let Aut be equipped with relation $\leq$ defined as follows: $\mathcal{A} \leq \mathcal{A}'$ if
there exists some morphism of $\Delta$-automata $(\sigma, id_A) : \mathcal{A} \to \mathcal{A}'$ with the identity
of $A$ as its second component. By Def. El every such morphism satisfies the
following.

$q \xrightarrow{a}_\delta q'$ implies $\sigma(q) \xrightarrow{a}_\delta \sigma(q')$

The proposition below states that the resulting category is in fact a poset.

Proposition 8. (Aut, $\leq$) is an ordered set.

Proof. When $q \xrightarrow{a}_\delta q'$ in $\mathcal{A}$, state $q'$ is totally determined by $q$, $a$, and $\delta$. As
every state of $\mathcal{A}$ is accessible from the initial state, and since morphisms $(\sigma, id_A)$
preserve the initial state and the labels, the unique morphism of this form from
$\mathcal{A}$ to $\mathcal{A}$ is the identity in Aut, hence $\leq$ is an order relation on Aut. □

It is important to remark here that (Aut, $\leq$) is not only a partial order but
indeed a complete lattice, with greatest lower bounds computed as synchronized
products, where the synchronized product $\bigwedge_{j \in J} \mathcal{A}_j$ of a family of $\Delta$-automata
$\mathcal{A}_j = (Q_j, A, T_j, q_{0,j})$ indexed by $j \in J$ is the $\Delta$-automaton $(Q, A, T, q_0)$ defined
as follows. If $J = \emptyset$, take $Q = \{q_0\}$ - any singleton set, and let $T$ be the set of all
processes $(f, a)$ such that $f_\delta = q_0$ for all $\delta \in \Delta$. If $J \neq \emptyset$ let $q_0 = (q_{0,j})_{j \in J}$ be
a vector of the initial states, and define $Q \subseteq \prod_{j \in J} Q_j$ as the forward closure of
$\{q_0\}$ w.r.t. the synchronized transitions defined as follows.

$(q_j)_{j \in J} \xrightarrow{a}_\delta (q'_j)_{j \in J}$ iff $q_j \xrightarrow{a}_\delta q'_j$ in $\mathcal{A}_j$ for all $j \in J$

Finally, let $T$ be the set of all processes $(f, a)$ in $Q$ such that $f(\bullet) = q \in Q$,
$f(\delta) = q'$ if $q \xrightarrow{a}_\delta q'$ is a synchronized transition, and $f(\delta)$ is undefined otherwise.
This construction preserves determinism, completeness, and the accessibility of
all states, hence it produces a $\Delta$-automaton as required.

Nets are treated similarly. 

Definition 14. Given fixed sets $A$ and $I$ of actions, resp. of incidence values,
let $\preceq$ denote the preorder on net systems over $I$ with set of events $A$ such that
$\mathcal{N} \preceq \mathcal{N}'$ if there exists some morphism of net systems $(\beta, id_A) : \mathcal{N} \to \mathcal{N}'$ with the
identity of $A$ as its second component. Let (NetSys, $\leq$) be the set of equivalence
classes of net systems (over $I$ and with set of events $A$) w.r.t. the equivalence
generated by $\preceq$, equipped with relation $\leq$ defined as the quotient of $\preceq$.

Again, the ordered set (NetSys, $\leq$) is a complete lattice, with least upper
bounds computed by amalgamation on events: let us identify a place $p$ in net
system $\mathcal{N} = (P, A, F, M_0)$ with the relevant informations $(M_0(p), F(p, \cdot))$. Then
the least upper bound $\bigvee_{j \in J} (P_j, A, F_j, M_{0,j})$ is the net system $\mathcal{N} = (P, A, F, M_0)$
with set of places $P = \bigcup_{j \in J} P_j$, and with initial marking and flow relations such
that, for each $j \in J$ and for each $p \in P_j$: $M_0(p) = M_{0,j}(p)$ and $F(p, a) = F_j(p, a)$
for all $a \in A$.

^ To avoid foundational problems we can assume that the states of all automata
considered are members of a fixed set of potential states. Then, Aut is a small category.

The order relations have been defined, so it remains to define precisely the 
state graph Af* of a net system Af, and the net version A* of a Z\-automaton 
A. The reachable state graph of an atomic net system Afp = ({p},A, P, Mg) 
w.r.t. the fixed type of nets r = (S,I,t) may be defined as follows. This is 
the unique Z\-automaton Af* = {Q,A,T,Mq) such that: Q C S'IpI, the maps 
(Tp : Q ^ S : (Jp{M) = M{p) and rjp : A ^ I : rjp{a) = F{p,a) define a 
morphism of Z\-transition systems {<Jp,r]p) ■ (Q,A,T) -£ r, and ap(Q) is the 
largest subset of states that may be accessed from Mo{p) by executing processes 
(/, l) in T with labels r G r]p{A). 

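The reachable state graph of a net system $\mathcal{N} = (P, A, F, M_0)$ is then the
synchronized product of the reachable state graphs of its atomic subnet systems
$\mathcal{N}_p = (\{p\}, A, F_p, M_{0,p})$, such that $M_{0,p}(p) = M_0(p)$ and
$F_p(p, a) = F(p, a)$ for all $a \in A$. Thus:

$$\mathcal{N} = \bigvee \{\mathcal{N}_p \mid p \in P\} \quad\text{and}\quad \mathcal{N}^* = \bigwedge \{\mathcal{N}_p^* \mid p \in P\}$$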

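Symmetrically, one may define net systems $\mathcal{A}^*$ synthesized from $\Delta$-automata
$\mathcal{A} = (\mathcal{S}, q_0)$ where $\mathcal{S} = (Q, A, T)$ as follows: $\mathcal{A}^*$ is the net
system one obtains by gluing on events $a \in A$ all net systems
$\mathcal{N}_p = \mathcal{A}^*_p = (\{p\}, A, F_p, M_{0,p})$ that derive from regions
$p = (\sigma, \eta) \in \Delta\text{-TS}(\mathcal{S}, \tau)$ such that:

$$F_p(a) = \eta(a) \ (\in I) \quad\text{and}\quad M_{0,p}((\sigma, \eta)) = \sigma(q_0) \ (\in S)$$

Thus, $\mathcal{A}^* = \bigvee \{\mathcal{A}^*_p \mid p \in \Delta\text{-TS}(\mathcal{S}, \tau)\}$.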

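Proposition 9. The correspondence that sends a $\Delta$-automaton $\mathcal{A}$ to the
synthesized net system $\mathcal{A}^*$ and a net system $\mathcal{N}$ to the reachable state
graph $\mathcal{N}^*$, is a Galois connection between the ordered sets $(\mathrm{Aut}, \leq)$ and
$(\mathrm{NetSys}, \leq)$, i.e.:

1. $\mathcal{A}_1 \leq \mathcal{A}_2$ implies $\mathcal{A}_2^* \leq \mathcal{A}_1^*$, for $\mathcal{A}_1, \mathcal{A}_2 \in \mathrm{Aut}$,

2. $\mathcal{N}_1 \leq \mathcal{N}_2$ implies $\mathcal{N}_2^* \leq \mathcal{N}_1^*$, for $\mathcal{N}_1, \mathcal{N}_2 \in \mathrm{NetSys}$,

3. $\mathcal{A} \leq \mathcal{A}^{**}$, for $\mathcal{A} \in \mathrm{Aut}$,

4. $\mathcal{N} \leq \mathcal{N}^{**}$, for $\mathcal{N} \in \mathrm{NetSys}$.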

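Proof. 1. Let $\mathcal{A}_1 \leq \mathcal{A}_2$ and let $(\sigma, \mathrm{id}_A) : \mathcal{A}_1 \to \mathcal{A}_2$ be the
associated morphism, then by composition with $(\sigma, \mathrm{id}_A)$, each region
$(\sigma_2, \eta_2)$ of $\mathcal{A}_2$ (i.e. each morphism from the underlying $\Delta$-transition
system to the type of nets $\tau$) induces a region $(\sigma_2 \circ \sigma, \eta_2)$ of
$\mathcal{A}_1$ with the same flow relations, showing that $\mathcal{A}_2^* \leq \mathcal{A}_1^*$.

2. Let $\mathcal{N}_1 \leq \mathcal{N}_2$, and assume w.l.o.g. that $P_1 \subseteq P_2$ (where $P_i$ is the
set of places of $\mathcal{N}_i$), then
$\mathcal{N}_1^* = \bigwedge \{\mathcal{N}_p^* \mid p \in P_1\} \geq \bigwedge \{\mathcal{N}_p^* \mid p \in P_2\} = \mathcal{N}_2^*$.

3. Suppose q" in $\mathcal{A}$. Let $p = (\sigma, \eta)$ be a region of $\mathcal{A}$, i.e. a morphism
from the underlying $\Delta$-transition system to the type of nets $\tau$, and moreover a
place of $\mathcal{A}^*$. As $(\sigma, \eta)$ is a morphism of $\Delta$-transition systems, ^W)
in $\tau$. By definition of the reachable state graph of the atomic net system
$\mathcal{A}^*_p$, there must exist markings $M'$ and $M''$ of $\mathcal{A}^*_p$ such that
$\sigma_p(M') = M'(p) = \sigma(q')$, $\sigma_p(M'') = M''(p) = \sigma(q'')$, and M" in
$\mathcal{A}^{**}_p$. The map $\varphi_p$ sending each state $q$ of $\mathcal{A}$ to the unique marking
$M$ of $\mathcal{A}^*_p$ such that $\sigma_p(M) = M(p) = \sigma(q)$ defines therefore a morphism
$(\varphi_p, \mathrm{id}_A) : \mathcal{A} \to \mathcal{A}^{**}_p$. Thus $\mathcal{A} \leq \mathcal{A}^{**}_p$, and
$\mathcal{A} \leq \mathcal{A}^{**}$ as $\mathcal{A}^{**} = \bigwedge \{\mathcal{A}^{**}_p \mid p \in \mathcal{R}\}$ where
$\mathcal{R}$ is the set of regions of $\mathcal{A}$ (see the definition of regions).

4. Finally, given a net system $\mathcal{N}$, the map $\beta$ sending each place $p$ of
$\mathcal{N}$ to the region $(\sigma_p, \eta_p)$ of $\mathcal{N}^*$, such that $\sigma_p(M) = M(p)$ and
$\eta_p(a) = F(p, a)$, defines a morphism of net systems
$(\beta, \mathrm{id}_A) : \mathcal{N} \to \mathcal{N}^{**}$, hence $\mathcal{N} \leq \mathcal{N}^{**}$. □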

Let us briefly recall for further use some basic facts about order-theoretic Galois
connections. A Galois connection between two ordered sets $X$ and $Y$ consists of
a pair of decreasing maps $(\cdot)^* : X \to Y$ and $(\cdot)^* : Y \to X$ such that

$$x \leq x^{**} \ \text{and}\ y \leq y^{**}, \ \text{for all } x \in X, y \in Y.$$

Equivalently, it may be defined as a pair of maps $(\cdot)^* : X \to Y$ and
$(\cdot)^* : Y \to X$ such that

$$\forall x \in X \ \forall y \in Y \quad x \leq y^* \Leftrightarrow y \leq x^*$$

Some important properties of Galois connections are listed below.

GC1 $x^* = x^{***}$ and $y^* = y^{***}$, for all $x \in X$, $y \in Y$.

GC2 Both $(\cdot)^{**}$ maps are closure operators;

GC3 Images via $(\cdot)^*$ coincide with sets of closed elements:

$$\{x^* \mid x \in X\} = \{y \in Y \mid y = y^{**}\}$$

$$\{y^* \mid y \in Y\} = \{x \in X \mid x = x^{**}\}$$

GC4 The two maps $(\cdot)^*$, restricted on the respective subsets of closed elements,
are inverse bijections inducing a dual isomorphism between the ordered sets
$X^*$ and $Y^*$;

GC5 For all $x_i \in X$ and $y_i \in Y$ the following are satisfied:

$$\Big(\bigvee_i x_i\Big)^* = \bigwedge_i x_i^* \quad\text{and}\quad \Big(\bigvee_i y_i\Big)^* = \bigwedge_i y_i^*$$

$$\Big(\bigwedge_i x_i\Big)^* \geq \bigvee_i x_i^* \quad\text{and}\quad \Big(\bigwedge_i y_i\Big)^* \geq \bigvee_i y_i^*$$

In the end of the section, we examine some consequences of the above properties
for the Galois connection between Aut and NetSys established in Prop. 9.

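Proposition 10. A $\Delta$-automaton $\mathcal{A} = (\mathcal{S}, q_0)$ is the reachable state graph of
some net system, relatively to type $\tau$, if and only if there exists a subset of regions
$\mathcal{P} \subseteq \Delta\text{-TS}(\mathcal{S}, \tau)$ such that the following axioms of separation are
satisfied in $\mathcal{S}$.

SSP State Separation Property:

$$q \neq q' \ \text{implies}\ \exists p = (\sigma, \eta) \in \mathcal{P} \quad \sigma(q) \neq \sigma(q').$$

ESSP Event/State Separation Property:

$$q \not\xrightarrow{a} \ \text{implies}\ \exists p = (\sigma, \eta) \in \mathcal{P} \quad \sigma(q) \not\xrightarrow{\eta(a)}.$$

When these two axioms are satisfied, $\mathcal{P}$ is said to be an admissible subset of
regions of $\mathcal{A}$, and $\mathcal{A} = \big(\bigvee_{p \in \mathcal{P}} \mathcal{A}^*_p\big)^*$.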

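Proof. Recall that $\mathcal{A} \leq \mathcal{A}^{**}$ holds due to morphism
$(\varphi, \mathrm{id}_A) : \mathcal{A} \to \mathcal{A}^{**}$ such that $\varphi(q)(p) = \sigma(q)$ for
$p = (\sigma, \eta) \in \Delta\text{-TS}(\mathcal{S}, \tau)$. This morphism, which is the
unique morphism of $\Delta$-automata from $\mathcal{A}$ to $\mathcal{A}^{**}$, acts as a bijection on
states if and only if SSP is satisfied in $\mathcal{S}$ for some subset of regions $\mathcal{P}'$.
Also recall that (f{q)d^ in $\mathcal{A}^{**}$ if and only if (pp(q)d!2^ in $\mathcal{A}^{**}$ for each
region $p = (\sigma, \eta)$ with $\varphi_p(q)(p) = \sigma(q) = \varphi(q)(p)$. Therefore, if
$\varphi$ is actually a bijection on states, $\mathcal{A}$ and $\mathcal{A}^{**}$ are isomorphic if and
only if ESSP is satisfied in $\mathcal{S}$ for some subset of regions $\mathcal{P}''$. Suppose
$\mathcal{P} \subseteq \Delta\text{-TS}(\mathcal{S}, \tau)$ is an admissible subset of regions. Then
there exists a unique morphism of $\Delta$-automata from $\mathcal{A}$ to
$\bigwedge_{p \in \mathcal{P}} \mathcal{A}^{**}_p$, derived from $(\varphi, \mathrm{id}_A)$ by restricting
$\varphi(q) : \Delta\text{-TS}(\mathcal{S}, \tau) \to S$ to $\varphi_{\mathcal{P}}(q) : \mathcal{P} \to S$ for all
$q \in Q$. It is obvious from the first part of the proof that
$(\varphi_{\mathcal{P}}, \mathrm{id}_A)$ is an isomorphism, hence
$\mathcal{A} = \bigwedge_{p \in \mathcal{P}} \mathcal{A}^{**}_p$ in Aut and by GC5,
$\mathcal{A} = \big(\bigvee_{p \in \mathcal{P}} \mathcal{A}^*_p\big)^*$. By GC3, this is
equivalent to saying that $\mathcal{A}$ is the reachable state graph of some net system. □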

Let us elaborate further on the interpretation of GC4 and GC5 in terms of
$\Delta$-automata and net systems. A $\Delta$-automaton $\mathcal{A}$ equal to its double dual
$\mathcal{A}^{**}$ is said to be separated. A net system $\mathcal{N}$ isomorphic to its double dual
$\mathcal{N}^{**}$ is said to be saturated. By GC4, taking the induced restrictions on closed
elements of the two maps $(\cdot)^*$ defined respectively on $\Delta$-automata and net
systems provides a dual isomorphism between separated $\Delta$-automata and saturated
net systems. By GC5, the reachable state graph of an amalgamated
sum of net systems is the synchronized product of their reachable state graphs.
As $\big(\bigwedge_i \mathcal{A}_i\big)^* \geq \bigvee_i \mathcal{A}_i^*$ by GC5, the net system synthesized
from a synchronized product of $\Delta$-automata is generally bigger than the
amalgamated sum of the net systems synthesized from the components.

Observe now that if $\mathcal{A} = \bigwedge_i \mathcal{A}_i$ then by GC5 and the definition of Galois
connections:

$$\mathcal{A} = \bigwedge_i \mathcal{A}_i \ \overset{(1)}{\leq}\ \Big(\bigwedge_i \mathcal{A}_i\Big)^{**} \ \overset{(2)}{\leq}\ \Big(\bigvee_i \mathcal{A}_i^*\Big)^* = \bigwedge_i \mathcal{A}_i^{**} \ \overset{(3)}{\geq}\ \bigwedge_i \mathcal{A}_i = \mathcal{A}$$

Relation (1) is equality if and only if $\mathcal{A}$ is separated. Relation (3) is equality if
each $\mathcal{A}_i$ is separated, and in this case, relations (1) and (2) are also equalities.
It may be observed that relation (2) is equality whenever the $\Delta$-automata $\mathcal{A}_i$
form an orthogonal family in the sense that $\bigwedge_i \mathcal{A}_i^{**} = \bigwedge_i \mathcal{A}_i$.
Therefore, given $\mathcal{A} = \bigwedge_i \mathcal{A}_i$ such that the $\mathcal{A}_i$'s form an orthogonal
family, then the $\Delta$-automaton $\mathcal{A}$ must be the reachable state graph of the
amalgamated sum of net systems $\mathcal{A}_i^*$ even though the components $\mathcal{A}_i$ need not
be separated $\Delta$-automata. This remark may be of interest for synthesizing net
systems from automata specified as synchronized products of “smaller” automata
without computing explicitly synchronized products (this was considered in jl l)j in
the context of ordinary automata and pure Petri nets), provided the following admits
a positive answer.

Problem 1. Construct a process that transforms a family $\mathcal{A}_i$ of automata into
an orthogonal family $\mathcal{A}_i'$ such that $\bigwedge_i \mathcal{A}_i' = \bigwedge_i \mathcal{A}_i$ whenever
$\bigwedge_i \mathcal{A}_i$ is a separated automaton.

5 Nets with Complex Transitions 

In this section we put forward a new extension of transition graphs of nets of
an arbitrary type. Actions/transitions/events of nets are often seen as being
atomic. Here, we are also interested in complex actions formed from the atomic
ones by algebraic means. This, implicitly, is done when considering Petri nets with
the step semantics: sums of actions, interpreted as multisets, are used as labels of
step transitions. The idea is to generalize on this example so that, for instance, one
may also take the sequential composition of actions into account. This leads us to
define algebras of actions as initial $(\Sigma, E)$-algebras over a finite set of generators
($\Sigma$ is a finite signature and $E$ is a finite set of equations between $\Sigma$-terms, with
implicit universal quantification of variables). Before we state a formal definition
of $(\Sigma, E)$-transition systems and the corresponding generalization of nets, let us
spend some time to introduce motivating examples.

5.1 Complex Actions of Petri Nets 

General Petri nets may be seen as nets with type $\tau = (\mathbb{N}, \mathbb{N} \times \mathbb{N}, \tau)$, where
$n \xrightarrow{x} n'$ is a transition in $\tau$ for $x = (k, l)$ if and only if $n \geq k$ and
$n' = n - k + l$. In order to render the step semantics of Petri nets, it suffices to
turn $\mathbb{N} \times \mathbb{N}$ into a commutative monoid with neutral element $\mathbf{1} = (0, 0)$ and with
composition $+$ given by $(k, l) + (k', l') = (k + k', l + l')$. Actually, if we are given
a Petri net $N = (P, A, F)$, a marking $M$ of $N$ and a finite multiset $\mu$ over $A$
(formally, $\mu : A \to \mathbb{N}$, $M : P \to \mathbb{N}$, and $F(p, a) \in \mathbb{N} \times \mathbb{N}$ for $p \in P$ and
$a \in A$), then $M[\mu\rangle M'$ is a step of $N$ if and only if there exists for each place
$p \in P$ a corresponding transition in $\tau$ from source $M(p)$ to target $M'(p)$ labelled
with the sum of $\mu(a) \times F(p, a)$ for all $a \in A$. It is easily seen that $\mathbb{N} \times \mathbb{N}$
equipped with the above operations in $\Sigma_1 = \{\mathbf{1}, +\}$ is in fact the free commutative
monoid over two generators, hence it is isomorphic to the initial
$(\Sigma_1, E_1)$-algebra, where $E_1$ is the set of equations:

$$\mathbf{1} + x = x \qquad x + (y + z) = (x + y) + z \qquad x + y = y + x$$

A minor extension to the above consists of adding a third unary operator $(\cdot)^{\sim}$
together with the following equations.

$$(x^{\sim})^{\sim} = x \qquad (x + y)^{\sim} = x^{\sim} + y^{\sim}$$

Let $\Sigma_2$ and $E_2$ be the resulting sets of operations and equations. The initial
algebra $\mathcal{F}_{\Sigma_2,E_2}(\{\bullet\})$ over one generator is still isomorphic to
$\mathbb{N} \times \mathbb{N}$ with $(k, l)^{\sim} = (l, k)$. There are actually two isomorphisms, sending
$\bullet$ to $(0, 1)$ and to $(1, 0)$, respectively. Equipped with a structure of this
algebra on labels, the type $\tau$ of Petri nets induces now a different “step
semantics” of Petri nets in which each action $a$ has an implicit dual $a^{\sim}$. For
atomic $a$ its effect on a place $p$ is defined by $F(p, a^{\sim}) = F(p, a)^{\sim}$. In other
words the input and output arcs of $a$ are reversed in $a^{\sim}$. Thus, for instance, the
complex actions $(a + b^{\sim})^{\sim}$ and $a^{\sim} + b$ are equal.

A subsequent, more ambitious, extension consists of introducing sequential
composition in the algebra of actions. This may be done by defining the following
operation on $\mathbb{N} \times \mathbb{N}$:

$$(k, l) \,;\, (k', l') = \text{if } l \geq k' \text{ then } (k,\ l + l' - k') \text{ else } (k + k' - l,\ l')$$

The type $\tau$ of Petri nets, with set of labels $\mathbb{N} \times \mathbb{N}$ equipped with the
operations in $\Sigma_3 = \{\mathbf{1}, {}^{\sim}, +, ;\}$, induces a new semantics of Petri nets, yet
unexplored. Consider two atomic actions $a$ and $b$ of net $N = (P, A, F)$, hence
$a, b \in A$, and consider the complex action $a ; b$. The idea is that $a ; b$ can be
fired at marking $M$ and lead to marking $M'$ if and only if there exists for each
place $p \in P$ some transition in $\tau$ from source $M(p)$ to target $M'(p)$ labelled
with $F(p, a) ; F(p, b)$. This is actually the case if and only if $M[a\rangle M''$ and
$M''[b\rangle M'$ for some intermediate marking $M''$, hence the extension seems to bring
nothing new. However, by applying a similar definition of firing to all complex
actions, we obtain complex transitions, such as $M[((a ; b) + c)\rangle M''$, that cannot
be inferred from ordinary step transitions. A question that must be answered at this
stage is the following: formally speaking, what is a complex action? The answer we
propose is to define the complex actions of net $N = (P, A, F)$ as the elements of a
free $(\Sigma, E)$-algebra $\mathcal{F}_{\Sigma,E}(A)$ generated by $A$. We also insist that the
actions of a type $\tau$ of such nets also form a free $(\Sigma, E)$-algebra.

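We have already argued that $\mathbb{N} \times \mathbb{N}$ can be seen as a free algebra in the first
two examples. We claim that $\mathbb{N} \times \mathbb{N}$ is actually isomorphic to
$\mathcal{F}_{\Sigma_3,E_3}(\{\bullet\})$ when $E_3$ is formed of all axioms in $E_2$ plus the following:

$$(x ; x^{\sim})^{\sim} = x ; x^{\sim} \qquad (10)$$

$$(x ; x^{\sim}) + (x^{\sim} ; x) = x + x^{\sim} \qquad (11)$$

$$(x + y) ; (x^{\sim} + y^{\sim}) = (x ; x^{\sim}) + (y ; y^{\sim}) \qquad (12)$$

$$x ; ((x^{\sim} ; x) + y) = x + y \qquad (13)$$

$$x ; (x^{\sim} + y) = (x ; x^{\sim}) + y \qquad (14)$$

$$(x + y) ; y^{\sim} = x + (y ; y^{\sim}) \qquad (15)$$

$$(x + (y ; y^{\sim})) ; y = x + y \qquad (16)$$

$$(x + (y ; y^{\sim})) ; (z + (y ; y^{\sim})) = (x ; z) + (y ; y^{\sim}) \qquad (17)$$

$$(x + y) ; (y^{\sim} + z) = (x ; z) + (y ; y^{\sim}) \qquad (18)$$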



We already saw that $\mathcal{F}_{\Sigma_2,E_2}(\{\bullet\})$ is isomorphic to $\mathbb{N} \times \mathbb{N}$ with
the operations $\mathbf{1} = (0, 0)$, $(k, l)^{\sim} = (l, k)$, and
$(k, l) + (k', l') = (k + k', l + l')$. We claim that equations (10), (11) and (12)
determine $(x ; x^{\sim})$ for every $x$ in $\mathbb{N} \times \mathbb{N}$. To see this,
we observe first that $(0,0) ; (0,0) = (0,0)$ by equation (11) and that $(x ; x^{\sim})$ is
determined inductively from $(0,1) ; (1,0)$ and $(1,0) ; (0,1)$ for $x \neq (0,0)$ by
equation (12). Now $((0,1) ; (1,0)) + ((1,0) ; (0,1)) = (1,1)$ by equation (11) and
$(0,1) ; (1,0) = (i,i)$ and $(1,0) ; (0,1) = (j,j)$ for some unknown $i, j \in \mathbb{N}$ by
equation (10). There are two solutions: $i = 0$, $j = 1$ or $i = 1$, $j = 0$. Both solutions
are equivalent up to the isomorphism ${}^{\sim}$ on $\mathbb{N} \times \mathbb{N}$. We choose the first solution,
hence $(0,1) ; (1,0) = (0,0)$ and $(1,0) ; (0,1) = (1,1)$. Thus $(k, l) ; (l, k) = (k, k)$
for all $k, l$ by equation (12).

Given this, the equations (13), (14), (15) and (16) determine $x ; y$ in the respective
cases: ($x = (k, l)$, $y = (l + k', l + l')$), and ($x = (k, l)$, $y = (l + k', k + l')$), and
($x = (k + k', l + l')$, $y = (l', k')$), and finally ($x = (k + k', l + k')$, $y = (k', l')$),
consistently with the definition of the operation $;$ on $\mathbb{N} \times \mathbb{N}$.

The two cases in which $x ; y$ is left undetermined by the equations (10) to (16)
with $x = (k, l)$ and $y = (k', l')$, are when $l' < k \wedge l' < l < k'$ or
$k < l' \wedge k < k' < l$. The remaining equations (17) and (18) should therefore impose
adequate values on the expressions $(j + k, j + l) ; (j + l + m, j)$ and
$(j, j + l + m) ; (j + l, j + k)$. Seeing that $(j, j) = (j, i) ; (i, j)$, equation (17)
reduces the problem to impose adequate values on $(k, l) ; (l + m, 0)$ and
$(0, l + m) ; (l, k)$. Using $y = (0, l)$ in equation (18) one reduces the problem to
impose adequate values on $(k, 0) ; (m, 0)$ and $(0, m) ; (0, k)$. Now
$(k, 0) ; (m, 0) = (k + m, 0)$ is forced by equation (13) (since
$(0, k) ; (k, 0) = (0, 0)$), and $(0, m) ; (0, k) = (0, m + k)$ is forced by equation (16)
(since $(0, k) ; (k, 0) = (0, 0)$). Therefore, $\mathcal{F}_{\Sigma_3,E_3}(\{\bullet\})$ is isomorphic
to $\mathbb{N} \times \mathbb{N}$.

Note that equations (15) and (16) are dual to equations (13) and (14) and may hence,
together with equation (10), be replaced with a single equation
$(x ; y)^{\sim} = y^{\sim} ; x^{\sim}$.

Remark. It is worth noting that $(x ; y) ; z = x ; (y ; z)$ is valid in
$\mathcal{F}_{\Sigma_3,E_3}(\{\bullet\})$ although it is not provable from the equations in $E_3$.
This has some importance for action algebras: the sequential composition of actions in
$\mathcal{F}_{\Sigma_3,E_3}(A)$ will not be associative, as one may wish, unless equation
$(x ; y) ; z = x ; (y ; z)$ is explicitly added to $E_3$.

The proposed extension of Petri net semantics diverges significantly from 
Meseguer and Montanari’s view of Petri nets as monoids m In our approach, 
there is no need to impose the functoriality law {a + b);{c+ d) = {a; c) + {b; d) . 
More importantly, the equational axioms we suggest bear on labels of computa- 
tions, and not directly on computations as do the axioms of monoidal categories. 
This allows to embed (extended) state graphs of Petri nets into arbitrary graphs 
labelled with complex actions and hence to consider the Petri net realization 
problem for such graphs without assuming any internal structure of their nodes. 

5.2 Concurrent Inhibitor C/E-Nets 

As a second example, let $\Sigma = \{\mathbf{1}, +\}$ where $\mathbf{1}$ and $+$ have arities 0 and 2,
respectively. Let $E$ be the set of axioms of commutative and idempotent monoids,
i.e. the set of equations:

$$\mathbf{1} + x = x \qquad x + (y + z) = (x + y) + z \qquad x + y = y + x \qquad x + x = x$$

For any finite set $A$, the initial algebra $\mathcal{F}_{\Sigma,E}(A)$ is obviously isomorphic to
the powerset algebra of $A$. Now consider the type of Concurrent Inhibitor C/E-nets
shown in Fig. 3 where the transitions are labelled in the free $(\Sigma, E)$-algebra
$\mathcal{F}_{\Sigma,E}(I)$ generated from the incidence values in set
$I = \{\text{inhibit}, \text{input}, \text{output}\}$.

[Fig. 3. The type of Inhibitor C/E-nets. Surviving transition labels: inhibit + output, inhibit, 1.]

An Inhibitor C/E-net may be defined accordingly as a net $(P, A, F)$ equipped
with a flow matrix $F : P \times A \to \{\text{inhibit}, \text{input}, \text{output}, \mathbf{1}\}$, where
$F(p, a) = \text{inhibit}$ means that condition $p$ inhibits event $a$, and $F(p, a) = \mathbf{1}$
means that condition $p$ and event $a$ are unrelated (see section 1). The firing rule for
Inhibitor C/E-nets induced by the above type $\tau$ is as follows. For any subset of
events $E \subseteq A$, $M[E\rangle M'$ is a step of the net $(P, A, F)$ if and only if, for every
condition $p \in P$, there exists in the $(\Sigma, E)$-transition system $\tau$ a corresponding
transition

$$M(p) \xrightarrow{F(p, E)} M'(p)$$

where $F(p, \emptyset) = \mathbf{1}$, $F(p, \{a\}) = F(p, a)$, and
$F(p, E_1 \cup E_2) = F(p, E_1) + F(p, E_2)$.
According to this rule, two events may be fired in one step even though they
share some input condition, or some output condition. Given a condition $p$, a step
may also include simultaneously an event $a_1$ with $p$ as an inhibiting condition
and an event $a_2$ with $p$ as an output condition (but definitely not as an input
condition). Many other variations may of course be envisaged.

5.3 $(\Sigma, E)$-Transition Systems and $(\Sigma, E)$-Nets

We proceed now with general definitions. In the sequel, $\Sigma$ is a finite signature,
$E$ is a finite set of equations between $\Sigma$-terms (over some set of universally
quantified variables), and $\mathcal{F}_{\Sigma,E}(A)$ is the initial $(\Sigma, E)$-algebra over a
finite set $A$ of generators. Recall that any map $\eta : A \to \mathcal{F}_{\Sigma,E}(A')$ extends
to a unique morphism of $(\Sigma, E)$-algebras
$\eta^* : \mathcal{F}_{\Sigma,E}(A) \to \mathcal{F}_{\Sigma,E}(A')$ such that $\eta^*(a) = \eta(a)$
for all $a \in A$ (where $a \in A$ is identified with $a \in \mathcal{F}_{\Sigma,E}(A)$ by abuse of
notation).

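Definition 15 (Transition System). A $(\Sigma, E)$-transition system over $A$ is
a subset $T$ of $Q \times \mathcal{F}_{\Sigma,E}(A) \times Q$, where $Q$ is a (possibly infinite) set
of states. Transitions in $T$ are represented in the form $t = q \xrightarrow{e} q'$. Let
$\lambda : T \to \mathcal{F}_{\Sigma,E}(A)$, and $\partial^0, \partial^1 : T \to Q$ be projection maps, i.e.,
$\lambda(t) = e$, $\partial^0(t) = q$ and $\partial^1(t) = q'$ for $t = q \xrightarrow{e} q'$. The
$(\Sigma, E)$-transition system is deterministic if $\lambda$ and $\partial^0$ are
jointly monic. It is reduced if it is deterministic and if moreover,
$\forall q \in Q \ \exists t \in T \ q \in \{\partial^0(t), \partial^1(t)\}$ and
$\forall a \in A \ \exists t \in T \ \lambda(t) = a$.

A morphism of $(\Sigma, E)$-transition systems from
$T_1 \subseteq Q_1 \times \mathcal{F}_{\Sigma,E}(A_1) \times Q_1$ to
$T_2 \subseteq Q_2 \times \mathcal{F}_{\Sigma,E}(A_2) \times Q_2$ is a pair $(\sigma, \eta)$ of maps
$\sigma : Q_1 \to Q_2$, $\eta : A_1 \to \mathcal{F}_{\Sigma,E}(A_2)$
such that there exists a map $\theta : T_1 \to T_2$ making the following diagrams commute.

$$
\begin{array}{ccccc}
\mathcal{F}_{\Sigma,E}(A_1) & \xleftarrow{\ \lambda\ } & T_1 & \xrightarrow{\ \partial^0,\ \partial^1\ } & Q_1 \\
\big\downarrow{\scriptstyle \eta^*} & & \big\downarrow{\scriptstyle \theta} & & \big\downarrow{\scriptstyle \sigma} \\
\mathcal{F}_{\Sigma,E}(A_2) & \xleftarrow{\ \lambda\ } & T_2 & \xrightarrow{\ \partial^0,\ \partial^1\ } & Q_2
\end{array}
\qquad (19)
$$

$(\Sigma, E)$-transition systems and their morphisms form a category $(\Sigma,E)\text{-TS}$ where
composition of morphisms is defined as
$(\sigma_2, \eta_2) \circ (\sigma_1, \eta_1) = (\sigma_2 \circ \sigma_1, \eta_2^* \circ \eta_1)$. The
full subcategory $(\Sigma,E)\text{-TS}^\circ$ of reduced $(\Sigma, E)$-transition systems is concrete.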



Let $I$ be a finite set of incidence values.

Definition 16 (Nets). A $(\Sigma, E)$-net over $I$ is a triple $N = (P, A, F)$ where $A$
is a finite set of atomic actions, $P$ is a set of places, and
$F : P \times A \to \mathcal{F}_{\Sigma,E}(I)$. A $(\Sigma, E)$-net $N = (P, A, F)$ is reduced if the
following holds for all complex actions $e, e' \in \mathcal{F}_{\Sigma,E}(A)$: $e \neq e'$ implies
$F^*(p, e) \neq F^*(p, e')$, for some $p \in P$. Above,
$F^*(p, \cdot) : \mathcal{F}_{\Sigma,E}(A) \to \mathcal{F}_{\Sigma,E}(I)$ is the $\Sigma$-homomorphism induced by
$F(p, \cdot)$.

Given $(\Sigma, E)$-nets $N_1 = (P_1, A_1, F_1)$ and $N_2 = (P_2, A_2, F_2)$, both over $I$, a
morphism $(\beta, \eta) : N_1 \to N_2$ is a pair of maps $\beta : P_1 \to P_2$,
$\eta : A_2 \to \mathcal{F}_{\Sigma,E}(A_1)$ such that, for all $p_1 \in P_1$ and $a_2 \in A_2$,
$F_2(\beta p_1, a_2) = F_1^*(p_1, \eta a_2)$.

$(\Sigma, E)$-nets over $I$ and their morphisms form a category $(\Sigma,E)\text{-Nets}(I)$, with
composition of morphisms given by
$(\beta', \eta') \circ (\beta, \eta) = (\beta' \circ \beta, \eta^* \circ \eta')$. The full
subcategory $(\Sigma,E)\text{-Nets}^\circ(I)$ of the reduced $(\Sigma, E)$-nets over $I$ is concrete,
and it is actually the largest concrete subcategory of $(\Sigma,E)\text{-Nets}(I)$. Let us shift
from structure to semantics and define now the dynamics of $(\Sigma, E)$-nets.

Definition 17 (Type of Nets). A $(\Sigma, E)$-type of nets over $I$ is a reduced
$(\Sigma, E)$-transition system $\tau$ over $I$. Hence, $\tau \subseteq S \times \mathcal{F}_{\Sigma,E}(I) \times S$
for some set $S$ defining a possible range of values for places of $(\Sigma, E)$-nets over $I$.

Let $(\Sigma,E)\text{-Types}(I)$ denote the class of all $(\Sigma, E)$-types of nets over $I$.

Definition 18 (State Graph). Given a $(\Sigma, E)$-net $N = (P, A, F)$ over $I$ and
a type of nets $\tau$ in $(\Sigma,E)\text{-Types}(I)$, the state graph $SG(N, \tau)$ of $N$ relative
to $\tau$ is the $(\Sigma, E)$-transition system over $A$ with set of states $S^P$ and
with the set $T$ of transitions defined as follows.

$$M \xrightarrow{e} M' \in T \quad\text{iff}\quad M(p) \xrightarrow{F^*(p, e)} M'(p) \in \tau, \ \text{for all } p \in P$$

for all $M, M' \in S^P$ and for all $e \in \mathcal{F}_{\Sigma,E}(A)$.

The reader may wish to verify that the above definition extends indeed the
usual construction of state graphs of nets. In order to complete the machinery,
we finally propose a converse construction of $(\Sigma, E)$-nets from $(\Sigma, E)$-transition
systems, based on the regions-as-places analogy.

Definition 19 (Regions and Synthesis). Given a $(\Sigma, E)$-transition system
$T$ over $A$, and given a type of nets $\tau \in (\Sigma,E)\text{-Types}(I)$, a region of $T$ relative
to $\tau$ is a morphism $(\sigma, \eta) : T \to \tau$ in $(\Sigma,E)\text{-TS}$. The net $SN(T, \tau)$
synthesized from $T$ with respect to $\tau$ is defined as $SN(T, \tau) = (P, A, F)$ with all
regions as places: $P = (\Sigma,E)\text{-TS}(T, \tau)$, and with flow relation given by
$F((\sigma, \eta), a) = \eta(a)$, so that $\eta(a) \in \mathcal{F}_{\Sigma,E}(I)$.

So far so good, and one may expect that for each type $\tau \in (\Sigma,E)\text{-Types}(I)$, a
dual adjunction between $(\Sigma,E)\text{-TS}^\circ$ and $(\Sigma,E)\text{-Nets}^\circ(I)$ would emerge by
considering $\tau$ as a schizophrenic object, whose net counterpart is the
$(\Sigma, E)$-net over $I$ with the single action enabled, with transitions
$s \xrightarrow{e} s' \in \tau$ as places, and with flow relation defined as follows:

$$F(s \xrightarrow{e} s', \text{enabled}) = e$$

The above is a correct definition of the net since $e \in \mathcal{F}_{\Sigma,E}(I)$ as required.
One may prove that the state graph $SG(N, \tau)$ of a reduced net $N = (P, A, F)$,
$N \in (\Sigma,E)\text{-Nets}^\circ(I)$, is in fact isomorphic to the initial lift in
$(\Sigma,E)\text{-TS}^\circ$ of the family $(ev_p)_{p \in P}$ of evaluation maps $ev_p$, defined on
the morphisms $(\beta, \eta)$ from $N$ to this net by:

$$ev_p(\beta, \eta) = \beta p$$

For the reduced nets, these evaluation maps $ev_p$ do form a jointly monic source.

The proof of this result is not immediate and depends strongly on the
assumption that $N$ is reduced. This is a severe restriction, as demonstrated by
the following example. Let $\tau$ be the type of general Petri nets, with
transitions labelled in the $(\Sigma_1, E_1)$-algebra $\mathbb{N} \times \mathbb{N}$. A Petri net $(P, A, F)$ is
a reduced $(\Sigma_1, E_1)$-net if and only if, for all multisets $\mu, \mu' : A \to \mathbb{N}$,
$\mu \neq \mu' \Rightarrow \sum_a \mu(a) \times F(p, a) \neq \sum_a \mu'(a) \times F(p, a)$ for some place
$p \in P$, if and only if, for all $f : A \to \mathbb{Z}$ with $f \neq 0$,
$\sum_a f(a) \times F(\cdot, a)$ differs from the null map $0 : P \to \mathbb{Z}$, if
and only if the $a$-indexed family of vectors $F(\cdot, a) : P \to \mathbb{N} \times \mathbb{N}$
($= P + P \to \mathbb{N}$) is linearly independent (in $P + P \to \mathbb{N}$). If we consider
alternatively the type $\tau$ of general Petri nets as a $(\Sigma_3, E_3)$-transition system,
the situation becomes dramatic. For instance, the Petri net $N = (\{p\}, \{a\}, F)$ with
the flow matrix $F(p, a) = (1, 2)$ is not a reduced $(\Sigma_3, E_3)$-net, as
$F^*(p, e) = F^*(p, e')$ for $e = (a ; a) + (a^{\sim} ; a^{\sim})$ and
$e' = (a ; a^{\sim}) + a + a^{\sim}$, whereas $e \neq e'$ in $\mathcal{F}_{\Sigma_3,E_3}(\{a\})$.

Actually, $F^*(p, e) = ((1, 2) ; (1, 2)) + ((2, 1) ; (2, 1)) = (1, 3) + (3, 1) = (4, 4)$ and
$(4, 4) = (1, 1) + (3, 3) = ((1, 2) ; (2, 1)) + ((1, 2) + (2, 1)) = F^*(p, e')$.
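The operations of Section 5.1 and the two complex actions e and e' of this example can be checked mechanically. The following Python sketch is an added example, not code from the paper; the nested-tuple encoding of terms and all function names are assumptions of the example. It checks equations (10) to (18) and the associativity of ; on a finite range of pairs, and evaluates F*(p, e) and F*(p, e') for F(p, a) = (1, 2).

```python
from itertools import product

ONE = (0, 0)  # neutral element 1 of the label algebra on N x N


def plus(x, y):
    """(k, l) + (k', l') = (k + k', l + l')."""
    return (x[0] + y[0], x[1] + y[1])


def dual(x):
    """(k, l)~ = (l, k): input and output arcs are exchanged."""
    return (x[1], x[0])


def seq(x, y):
    """(k, l) ; (k', l') as defined in Section 5.1."""
    (k, l), (k2, l2) = x, y
    return (k, l + l2 - k2) if l >= k2 else (k + k2 - l, l2)


def fire(n, x):
    """Target n' of n --x--> n' in the Petri net type, or None if disabled."""
    if n is None or n < x[0]:
        return None
    return n - x[0] + x[1]


def evaluate(term, flow):
    """F*(p, .) for one place p: homomorphic extension of atom -> (k, l).

    A term is an atom name or one of ("+", e1, e2), (";", e1, e2), ("~", e).
    """
    if isinstance(term, str):
        return flow[term]
    op, *args = term
    vals = [evaluate(a, flow) for a in args]
    if op == "+":
        return plus(vals[0], vals[1])
    if op == ";":
        return seq(vals[0], vals[1])
    if op == "~":
        return dual(vals[0])
    raise ValueError(f"unknown operator {op!r}")


def failing_axioms(bound=4):
    """Numbers of the equations (10)-(18) violated for components < bound."""
    pairs = list(product(range(bound), repeat=2))
    failed = set()
    for x, y, z in product(pairs, repeat=3):
        xd, yd = dual(x), dual(y)
        xx, yy = seq(x, xd), seq(y, yd)
        checks = {
            10: (dual(xx), xx),
            11: (plus(xx, seq(xd, x)), plus(x, xd)),
            12: (seq(plus(x, y), plus(xd, yd)), plus(xx, yy)),
            13: (seq(x, plus(seq(xd, x), y)), plus(x, y)),
            14: (seq(x, plus(xd, y)), plus(xx, y)),
            15: (seq(plus(x, y), yd), plus(x, yy)),
            16: (seq(plus(x, yy), y), plus(x, y)),
            17: (seq(plus(x, yy), plus(z, yy)), plus(seq(x, z), yy)),
            18: (seq(plus(x, y), plus(yd, z)), plus(seq(x, z), yy)),
        }
        failed.update(n for n, (lhs, rhs) in checks.items() if lhs != rhs)
    return sorted(failed)


def seq_is_associative(bound=4):
    """(x ; y) ; z == x ; (y ; z) on N x N, the identity of the Remark."""
    pairs = list(product(range(bound), repeat=2))
    return all(seq(seq(x, y), z) == seq(x, seq(y, z))
               for x, y, z in product(pairs, repeat=3))


def seq_agrees_with_firing(bound=4):
    """A label x ; y fires from n exactly like x followed by y."""
    pairs = list(product(range(bound), repeat=2))
    return all(fire(n, seq(x, y)) == fire(fire(n, x), y)
               for x, y in product(pairs, repeat=2)
               for n in range(3 * bound))


# The net N = ({p}, {a}, F) with F(p, a) = (1, 2) and the two complex actions.
FLOW = {"a": (1, 2)}
E = ("+", (";", "a", "a"), (";", ("~", "a"), ("~", "a")))
E_PRIME = ("+", ("+", (";", "a", ("~", "a")), "a"), ("~", "a"))

if __name__ == "__main__":
    print("violated equations:", failing_axioms())
    print("associative:", seq_is_associative())
    print("F*(p,e), F*(p,e'):", evaluate(E, FLOW), evaluate(E_PRIME, FLOW))
```

Both terms evaluate to the same label although they differ as terms, which is the failure of reducedness described above.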

Similar problems strike again when trying to construct synthesized nets
$SN(T, \tau)$ as the initial lifts in $(\Sigma,E)\text{-Nets}^\circ(I)$ of the $t$-indexed
families of maps $ev_t$ on $(\Sigma,E)\text{-TS}(T, \tau)$ defined as follows.

$$ev_t(\sigma, \eta) = \sigma(q) \xrightarrow{\eta^*(e)} \sigma(q')$$

for $t = q \xrightarrow{e} q'$. The only way to obtain initial lifts in
$(\Sigma,E)\text{-Nets}^\circ(I)$ is actually to construct initial lifts in
$(\Sigma,E)\text{-Nets}(I)$, which is easy, and to derive from the resulting nets $(P, A, F)$
canonical reductions $(P, A', F')$ in $(\Sigma,E)\text{-Nets}^\circ(I)$, such that
the two sets of vectors $\{F(\cdot, e) \mid e \in \mathcal{F}_{\Sigma,E}(A)\}$ and
$\{F'(\cdot, e') \mid e' \in \mathcal{F}_{\Sigma,E}(A')\}$
are equal. There is no general solution, as the following counter-examples show.

The $(\Sigma_3, E_3)$-net $N = (\{p\}, \{a\}, F)$ with flow matrix $F(p, a) = (1, 2)$ cannot
be reduced. Assume for contradiction that $(P, A', F')$ is a reduction of $N$. Then
$F'(p, e') = (1, 2)$ for some $e' \in \mathcal{F}_{\Sigma_3,E_3}(A')$. If $e'$ is an atom, let
$e' = a \in A'$, then $(P, A', F')$ is not reduced since
$F'(p, (a ; a) + (a^{\sim} ; a^{\sim})) = F'(p, (a ; a^{\sim}) + a + a^{\sim})$. In the converse
case, consider any atom $a \in A'$. Then $F'(p, a) = F(p, e)$
for some $e \in \mathcal{F}_{\Sigma_3,E_3}(\{a\})$, hence $F'(p, a) = F'(p, e[e'/a])$, and we get
again a contradiction, as $e'$ is not an atom.

The $(\Sigma_1, E_1)$-net $N = (\{p\}, \{a, b, c\}, F)$ with flow matrix given by
$F(p, a) = (1, 3)$, $F(p, b) = (2, 2)$, and $F(p, c) = (3, 1)$ cannot be reduced. Observe
that $\{(1, 3), (2, 2), (3, 1)\}$ is the set of all minimal vectors different from the null
vector in $\{F(p, e) \mid e \in \mathcal{F}_{\Sigma_1,E_1}(\{a, b, c\})\}$, and assume for contradiction
that $(P, A', F')$ is a reduction of $N$. The set of all minimal vectors different from
the null vector in $\{F'(p, e') \mid e' \in \mathcal{F}_{\Sigma_1,E_1}(A')\}$ must then be equal to
$\{(1, 3), (2, 2), (3, 1)\}$. As the composition operator $+$ is interpreted as summation
in $\mathbb{N} \times \mathbb{N}$, the only possibility is that $F'(p, a') = (1, 3)$, $F'(p, b') = (2, 2)$, and
$F'(p, c') = (3, 1)$ for corresponding atoms $a', b', c' \in A'$. But the considered
vectors are not linearly independent, and therefore $(P, A', F')$ was not a reduced
$(\Sigma_1, E_1)$-net.

The above counter-examples do not show that one cannot define canonical
reductions for the particular $(\Sigma, E)$-nets $T^*$ derived from homsets
$(\Sigma,E)\text{-TS}(T, \tau)$, but we must nevertheless admit that the use of schizophrenic
objects for constructing adjunctions between $(\Sigma, E)$-transition systems and
$(\Sigma, E)$-nets is problematic. There is a way out, if one accepts to lose generality by
fixing the alphabet $A$ of atomic actions of nets and transition systems. Then,
following the route described in section 4, we are able to establish for each type of
nets $\tau \in (\Sigma,E)\text{-Types}(I)$ an order theoretic Galois connection between
$(\Sigma, E)$-transition systems over $A$ and nets with set of atomic actions $A$ in
$(\Sigma,E)\text{-Nets}(I)$. This construction is presented below.

5.4 Order Theoretic Galois Connection 

Henceforth, we assume a fixed type of nets $\tau \subseteq S \times \mathcal{F}_{\Sigma,E}(I) \times S$ and a
fixed alphabet of atomic actions $A$. Like we did in section 4, we focus on transition
systems and nets with set of atomic actions $A$, and we assign them initial states
and markings respectively. In order to alleviate the notation, let us introduce
some definitions.

Definition 20 (Automaton). An automaton $\mathcal{A} = (Q, A, T, q_0)$ is a reduced
$(\Sigma, E)$-transition system $T \subseteq Q \times \mathcal{F}_{\Sigma,E}(A) \times Q$, with an initial state
$q_0 \in Q$ such that $Q$ is the forward closure of $\{q_0\}$ with respect to transitions
in $T$. We let $T$ denote the underlying transition system of $\mathcal{A}$. A morphism of
automata $\sigma : \mathcal{A} \to \mathcal{A}'$ is a map $\sigma : Q \to Q'$ such that $\sigma$ and
$\iota_A : A \to \mathcal{F}_{\Sigma,E}(A) : \iota_A(a) = a$ define a morphism (of transition systems)
$(\sigma, \iota_A) : T \to T'$, and $\sigma(q_0) = q_0'$ (preservation of the initial state).

Clearly, automata and their morphisms form a category, denoted Aut. 

Definition 21 (Net System). A net system $\mathcal{N} = (P, A, F, M_0)$ is a $(\Sigma, E)$-net
over $I$ (thus $F : P \times A \to \mathcal{F}_{\Sigma,E}(I)$), with an initial marking $M_0 : P \to S$.
We let $N = (P, A, F)$ denote the underlying net of $\mathcal{N}$. A morphism of net systems
$\beta : \mathcal{N} \to \mathcal{N}'$ is a map $\beta : P \to P'$ such that $(\beta, \iota_A)$ with
$\iota_A : A \to \mathcal{F}_{\Sigma,E}(A)$ given by $\iota_A(a) = a$, defines a morphism (of nets)
from $N$ to $N'$, and $M_0(p) = M_0'(\beta p)$ for all $p \in P$ (preservation of the initial
marking).

Again, net systems and their morphisms form a category, denoted NetSys. 

Definition 22 (Reachable State Graph). The reachable state graph of a net
system $\mathcal{N} = (N, M_0)$ is the automaton $\mathcal{N}^*$ whose underlying transition system
$T^*$ is the restriction of $SG(N, \tau)$ (see Def. 18) to the subset of markings reachable
from $M_0$, and whose initial state is $M_0$.

Definition 23 (Synthesis of Net Systems). Given automaton $\mathcal{A} = (T, q_0)$,
the net system $\mathcal{A}^*$ synthesized from $\mathcal{A}$ has the underlying net $N^* = SN(T, \tau)$
(see Def. 19) and the initial marking $M_0$ defined by $M_0(\sigma, \eta) = \sigma(q_0)$ for all
regions $(\sigma, \eta) : T \to \tau$. For any region $p \in (\Sigma,E)\text{-TS}(T, \tau)$, let
$\mathcal{A}^*_p$ denote the (atomic) subnet system of $\mathcal{A}^*$ with $p$ as a unique place.

We will show that the two $(\cdot)^*$ operators, that send an automaton $\mathcal{A}$ to the net
system $\mathcal{A}^*$ synthesized from $\mathcal{A}$, and a net system $\mathcal{N}$ to the reachable state
graph $\mathcal{N}^*$, respectively, form an order theoretic Galois connection:

$$\mathcal{A} \leq \mathcal{N}^* \quad\text{iff}\quad \mathcal{N} \leq \mathcal{A}^*$$

The development presented in the sequel takes the same stages as in section 4,
with minor adaptations. Firstly, let us equip the automata and net systems with
order relations.

Definition 24 (Ordered Set of Automata). Let $\preceq$ denote the preorder on
objects of Aut defined as $\mathcal{A} \preceq \mathcal{A}'$ if $\exists \sigma : \mathcal{A} \to \mathcal{A}'$. Let
$\mathrm{Aut}_{\preceq}$ denote the set of equivalence classes of automata generated by $\preceq$.
The Ordered Set of Automata is $(\mathrm{Aut}_{\preceq}, \leq)$ where $\leq$ denotes the order
relation induced by $\preceq$.

Definition 25 (Ordered Set of Net Systems). Let $\preceq$ denote the preorder
on objects of NetSys defined as $\mathcal{N} \preceq \mathcal{N}'$ if $\exists \beta : \mathcal{N} \to \mathcal{N}'$. Let
$\mathrm{NetSys}_{\preceq}$ denote the set of equivalence classes of net systems generated by
$\preceq$. The Ordered Set of net systems is $(\mathrm{NetSys}_{\preceq}, \leq)$ where $\leq$ denotes
the order relation induced by $\preceq$.
It follows from the reducedness, determinism, and reachability of automata that
$\mathcal{A}$ and $\mathcal{A}'$ are equivalent in Aut if and only if automata $\mathcal{A}$ and $\mathcal{A}'$ are
isomorphic. Similarly, $\mathcal{N}$ and $\mathcal{N}'$ are equivalent in NetSys if and only if net
systems $\mathcal{N}$ and $\mathcal{N}'$ are identical up to a renaming of places which preserves
multiplicity assigned to the places by the initial marking. Henceforth, equivalence
classes of automata (respectively, of net systems) are denoted with arbitrary
representatives $\mathcal{A} = (Q, A, T, q_0) \in \mathrm{Aut}$
(respectively, $\mathcal{N} = (P, A, F, M_0) \in \mathrm{NetSys}$).

$(\mathrm{Aut}_{\preceq}, \leq)$ is a complete lattice with greatest lower bounds computed as
synchronized products, where the synchronized product $\bigwedge_{j \in J} \mathcal{A}_j$ of a
family of automata $\mathcal{A}_j = (Q_j, A, T_j, q_{0j})$ indexed by $j \in J$ is the automaton
$(Q, A, T, q_0)$ defined as follows: if $J = \emptyset$, $Q = \{q_0\}$ and $T$ is the set of all
transitions $q_0 \xrightarrow{e} q_0$ where $e$ ranges over $\mathcal{F}_{\Sigma,E}(A)$. Otherwise, the
initial state $q_0 = (q_{0j})_{j \in J}$ is the vector of initial states, and the set of
states $Q$ is the forward closure of $\{q_0\}$ in the product $\prod_{j \in J} Q_j$ with
respect to the synchronized transitions:

$$(q_j)_{j \in J} \xrightarrow{e} (q_j')_{j \in J} \quad\text{iff}\quad \forall j \in J \quad q_j \xrightarrow{e} q_j' \in T_j$$

where $e$ ranges over $\mathcal{F}_{\Sigma,E}(A)$, and the set of transitions $T$ is the subset of
the synchronized transitions with sources in $Q$. Symmetrically, the ordered set
$(\mathrm{NetSys}_{\preceq}, \leq)$ is a complete lattice, with least upper bounds computed by
amalgamation on atomic actions as it has been described in section 4.

By the definition of reachable state graphs, the automaton $\mathcal{N}^*$ generated from
a net system $\mathcal{N} = (P, A, F, M_0)$ is the synchronized product of the reachable
state graphs of its atomic subnet systems $\mathcal{N}_p = (\{p\}, A, F_p, M_{0,p})$, such that
$M_{0,p}(p) = M_0(p)$ and with flow given by: $F_p(p, a) = F(p, a)$, for all $a \in A$. Thus,
$\mathcal{N}^* = \bigwedge \{\mathcal{N}_p^* \mid p \in P\}$. By the definition of synthesized net systems,
the net system $\mathcal{A}^*$ synthesized from automaton $\mathcal{A} = (Q, A, T, q_0)$ is obtained by
gluing on atomic actions all the net systems $\mathcal{N}_p = (\{p\}, A, F_p, M_{0,p})$ that
derive from regions $p = (\sigma, \eta) \in (\Sigma,E)\text{-TS}(T, \tau)$ such that:

$$F_p(a) = \eta(a) \ (\text{in } \mathcal{F}_{\Sigma,E}(I)) \quad\text{and}\quad M_{0,p}((\sigma, \eta)) = \sigma(q_0) \ (\text{in } S)$$

Thus, $\mathcal{A}^* = \bigvee \{\mathcal{N}_p \mid p \in (\Sigma,E)\text{-TS}(T, \tau)\}$. The key to establish
the intended Galois connection is given by the following result.

Lemma 6. Regions of A (i.e. morphisms {a,rj) : T ^ t ) are in bijective corre- 
spondence with the atomic net systems Af such that A < Af* . 

Proof. Let A < Af*, where A = {Q, A,T,qo) and Af = {{p},A,F,Mq). Thus 
Mq{p) G S and F{p,a) G 3^e,e(A) for all a G A. By the definition of reachable 
state graphs, Af* = {Q', A, T' , Mq) where Q' C and T' C Q' x 3 ^e,e{A) x Q' 
are the least sets of states and transitions respectively such that Mq G Q' and 
for each e G 3^e,e(A): M' € Q' and M-A-^M' in T' whenever M G Q' and 

M {p)^ M' {p) in T. By definition of the order relation < on automata, there 
exists a morphism u : A — >■ Af* . By definition of morphisms of automata, (a, la) 
is a morphism (of transition systems) from T to T' , mapping go to Mq. Now the 
maps Lp : Q' ^ S : Lp{M) = M{p) and i] : A ^ fE,E{I) ■ = P{Pj «) define a 






Eric Badouel, Marek A. Bednarczyk, and Philippe Darondeau 



morphism (of transition systems) {ip, rj) : T' ^ t. By composition of morphisms, 
one obtains a region {ap, r]p) of A such that Op = ipO a and r]p = rf o hence 
o"p( 9 o) = Mq{p) and T]p{a) = F{p, a) for all a € A. 

Now, let p = {(Jp,T]p) be an arbitrary region of A, and let J\fp = A^. As an 
induced restriction of A* on a subset of regions (or places) with a single element, 
J\fp is an atomic net system. Consider the reachable state graph J\f* whose initial 
state is the marking Mq{p) = ap{qo). Let q and M be any state and marking of 
A and N, respectively, and such that M{p) = ap(q). If q-^q' is a transition in 
T, there must exist a marking M' of Np such that M'{p) = (Jp{q') and 

because F*{p, e) = Pp{e) in Afp by construction of this net, and (Jp{q)^-^^ap{q') 
in T by definition of regions. As all states g of A are reachable from q^, it follows 
by induction that they are all represented by corresponding states M in J\f* such 
that M{p) = cjp{q). Therefore, tJp : A — >■ Af* is a morphism of automata. 

We are left with proving that Af* and JA* are isomorphic when p = {ap, rjp) 
is the region of A that has been derived from AA in the first part of the proof. 
As the initial states agree and for all a G A, and F{p, a) = r]p{a) in both nets, it 
follows that the two net systems are isomorphic. Whence, their reachable state 
graphs are isomorphic, too. □ 

We can now establish the expected Galois connection between automata and net 
systems. 

Proposition 11. For all A G Aut..., and Af G NetSys^ the following holds. 

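$\mathcal{A} \le \mathcal{N}^*$ iff $\mathcal{N} \le \mathcal{A}^*$

Thus, the two $(\cdot)^*$ operators, one mapping an automaton $\mathcal{A}$ to the synthesized net
system $\mathcal{A}^*$ and the other taking a net system $\mathcal{N}$ to the reachable state graph $\mathcal{N}^*$,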
establish a Galois connection between ordered sets (NetSys,^, <) and (Aut,..,, <). 

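Proof. Consider first the case of an atomic net system $\mathcal{N}$. Then by definition of
the synthesized net $\mathcal{A}^*$, $\mathcal{N} \le \mathcal{A}^*$ if and only if the net system $\mathcal{N} = \mathcal{N}_p$ derives
from a region $p = (\sigma_p, \eta_p)$ of the automaton $\mathcal{A}$. By Lemma 6 this assertion is
equivalent to the assertion $\mathcal{A} \le \mathcal{N}^*$. Consider now an arbitrary net system $\mathcal{N}$.
Observe that $\mathcal{N} = \bigvee \{\mathcal{N}_p \mid p \in P\}$ where $\mathcal{N}_p$ is the atomic subnet system of
$\mathcal{N}$ with the unique place $p$, and thus $\mathcal{N}^* = \bigwedge \{\mathcal{N}_p^* \mid p \in P\}$ by definition of
reachable state graphs. Therefore, $\mathcal{A} \le \mathcal{N}^*$ iff $\mathcal{A} \le \mathcal{N}_p^*$ for all $p \in P$ iff $\mathcal{N}_p \le \mathcal{A}^*$
for all $p \in P$ (seeing that $\mathcal{N}_p$ is an atomic net system) iff $\mathcal{N} \le \mathcal{A}^*$. □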



Proposition 12. A {E , E) -automaton A = {Q,A,T,qf) is isomorphic to the 
reachable state graph of some {E , E)-net system, relatively to type r = {S,I,t), 
if and only if there exists some subset of regions f C (i:,e)-TS{T,t) such that the 
following axioms of separation are satisfied for all q, q' G Q, and e gTs ,e{A). 

SSP State Separation Property: g yf g' => 3p = (cr, 77 ) G T a{q) yf cr(g'). 

ESSP Event/State Separation Property: q-h^ 3p = (< 7 , 77 ) G T cr(g)-y-^\ 
When these two axioms are satisfied, T is said to be an admissible subset of
regions, andA= (VpGT'^p)* ^olds. 

Proof. Let Afp = A.* for p € T, and let A/g> = Seeing that A < Af* for 

every region p, A < Ape? -^p “ Hence, there exists a morphism of automata 
a : A ^ Aff,. Moreover this morphism is unique. On the other hand, every region 
p = (ap, Pp) factors into (ids, Vp) ° (cp, la) where la ■ A ^ Tj; ,e{A) : LA{a) = a 
and (Tp is the unique morphism from A to Af* . As Aff, is the synchronized product 
of the net systems (A/^)pgy, a must be the map that sends each state 9 of A 
to the associated vector a{q) = {<Jp{q) ; p = {op,Pp) G T) (the p-component is 
computed by evaluating region p at state q). Since a is the unique morphism 
from A to Afy, and seeing that automata are accessible and deterministic, the 
assertion A = A/J is now equivalent to the conjunction of the following two 
assertions : u is an injective map, and (ii) q A in A whenever a{q) A in 

Aff,. Thus SSP is just another form of assertion (i), and ESSP is equivalent 

to assertion (ii) seeing on the one hand that, for p = {(Jp,pp), ap{q)^dt^ in t 
iff (Tp(g)— in Af* (by the definition of state graphs), and on the other hand 
that ap{q)AL^ in Af* for all p G T iff a{q)AL^ in Aff, (by the definition of the 
synchronized product). □ 

In view of the above propositions, all properties of $\Delta$-automata that have been
derived from properties GC1 to GC5 may be reproduced for $(\Sigma,E)$-automata.
We conclude with a remark. One could easily extend $(\Sigma,E)$-automata by includ-
ing arbitrary $(\Sigma,E)$-algebras as algebras of complex actions. There is just one
point in the technical development where we use the assumption that algebras
of actions are initial $(\Sigma,E)$-algebras, namely when we infer that $\eta_p(a) = \eta(a)$
for all $a$ from $\eta_p = \eta^* \circ \iota_A$ in the proof of Lemma 6, and this inference is also
correct in $(\Sigma,E)$-algebras. The reason why we stick to initial $(\Sigma,E)$-algebras is
to keep a good intuition of algebras of actions.

6 Conclusion 

We have proposed a theoretical framework for solving the net realization prob-
lem, for two kinds of generalized automata. In each case the framework is uniform
with respect to the type of nets (given as a generalized automaton). Regions of
an automaton, defined as morphisms from this automaton to a fixed type of
nets, play a fundamental role in net synthesis. Ehrenfeucht-Rozenberg separation
axioms, relativized to regions induced by types of nets, supply in each case a
plain characterization of automata isomorphic to reachable state graphs of nets.

In an ordinary automaton $(Q, A, T, q_0)$, a transition $t = q \xrightarrow{a} q'$ comes with
the source and target maps d^(t) = q and d^(t) = q', and with the labelling
map $\lambda(t) = a$. We have considered two kinds of generalized automata, namely
$\Delta$-automata and $(\Sigma,E)$-automata, which go beyond the above picture.

In a $\Delta$-automaton, a transition $t$ is defined by a labelling action $\lambda(t) = a$
and a reaction $d(t) : \Delta \to Q$ parametric on a set of controls $\Delta$. The set of
controls includes a distinguished element $\bullet$, such that $d(t)(\bullet)$ is always defined
and represents the source of the transition. Each type of nets $\tau$ = with
the set of transitions $\tau$ parametric on $\Delta$ induces a corresponding firing rule for
all net systems $(P, A, F, M_0)$ with flow matrix $F : (P \times A) \to I$ and initial
marking $M_0 : P \to S$. According to this firing rule, each net system is fit with
a generalized state graph which is a $\Delta$-automaton. Hybrid Petri Nets, Coloured
Petri Nets, and Vector Addition Systems with States may be presented uniformly
in this style, thus opening the way for their synthesis.

In a $(\Sigma,E)$-automaton, a transition $t = q \xrightarrow{e} q'$, with source d^(t) = q and
target d^(t) = q', is labelled with a complex action $\lambda(t) = e$ in the initial algebra
$\mathcal{F}_{\Sigma,E}(A)$ generated from atomic actions in $A$ ($\Sigma$ is a signature and $E$ a set of
equations between $\Sigma$-terms). An admissible $(\Sigma,E)$-type of nets $\tau = (S, I, \tau)$ has
transitions labelled in $\mathcal{F}_{\Sigma,E}(I)$, that is in the free $(\Sigma,E)$-algebra over $I$ as the
set of generators. Any such type induces a corresponding firing rule for nets, so
that again each net system is fit with a $(\Sigma,E)$-automaton as its generalized state
graph. Truly concurrent Petri Nets, synchronous Inhibitor C/E-nets, and other
forms of nets with non-sequential computations may be presented uniformly in
this style.

For each kind of generalized automata, we have tried to establish Galois 
connections between automata and net systems following two alternative ap- 
proaches: one categorical, in which types of nets are viewed as schizophrenic 
objects (living both in the category of transition systems and in the category 
of nets), and the other order theoretical. Both approaches were used in earlier 
works to obtain Galois connections between ordinary automata and net systems. 
The strong point of the categorical approach is the complete symmetry of the 
dual constructions of state graphs and synthesized nets. The strong point of the 
order theoretical approach is mathematical simplicity. 

Both methods are carried successfully from ordinary automata and nets to
$\Delta$-parametric automata and nets, if one defines morphisms of $\Delta$-automata with
sufficient care. Thus in some sense, making transitions functional does not deeply
modify the relationships between automata and nets. The situation is different
when labels of transitions are replaced with complex actions. On the one hand,
the order theoretic Galois connection may be carried from ordinary automata
and nets to $(\Sigma,E)$-transition systems and nets with minor adaptations; on the
other hand, we did not succeed in constructing a dual adjunction between $(\Sigma,E)$-
transition systems and nets based on a schizophrenic object. The most robust
approach to establishing net representation theorems for automata seems thus
to combine regions as morphisms with order theoretic Galois connections.

Let us indicate directions for future work. One direction is trying to come up
with a joint generalization of automata which would encompass $\Delta$-parameterized
transitions and complex actions, thus allowing one to combine control and true con-
currency. We have spent some time on this, without success so far. A second
direction is to consider $\Delta$-automata parameterized on sets $\Delta$ with structure.
For instance, our framework is general enough to incorporate hybrid nets, but it
seems that a thorough treatment of hybrid nets should take into account consid-
erations of continuity (see Droste and Shortt’s work presented in this volume).
A third direction is to investigate the semantics of Petri nets with complex tran-
sitions. We have only touched the surface of problems in this respect. Last but
not least, in order to make the theory useful, the algorithmic aspects of the
constructions put forward need to be considered for specific types of nets.
Abstract. The paper introduces the notion of concurrent realization of
reactive systems. A framework is also presented in which labelled safe 
Petri nets as concurrent realizations of concrete asynchronous systems 
are constructed. The construction is uniform in the sense that it extends 
to a realization of arbitrary commuting diagrams. We discuss applicabil- 
ity of the framework to construct maximally concurrent realizations of 
reactive systems. 



1 Introduction 

The intuitive idea of reactive system admits various formalizations. This paper 
accepts it as a starting point that the most abstract among them is the one 
provided by the notion of transition system. Another formalization, and the one 
that offers most intuitive description of concurrent behavior, is provided by the 
notion of Petri net. And indeed, given a Petri net as a model of a reactive system 
one automatically is also given a transition system model in the form of the case 
graph of the net. Each Petri net can thus be seen as a concurrent realization of 
its case graph. So, a fundamental problem of Petri net theory is the following. 

Given a transition system $\mathbb{S}$, find a Petri net $\mathbb{N}$ such that its case graph
$Cg(\mathbb{N})$ is, essentially, equal to $\mathbb{S}$.

The first satisfactory answer to the problem was offered by Ehrenfeucht and 
Rozenberg, cf. M- They characterized a class of transition systems which can 
be seen as case graphs of a subclass of nets called elementary nets. Moreover, 
they provided a construction which for any transition system from this class syn- 
thesizes a required net. Our paper, together with several other papers included 
in this volume, see EFT2I . attempts to achieve further unification of the Petri net 
theory, by extending the boundaries of synthesis to larger classes of transition 
systems and nets. 

The fundamental problem can be seen as an instance of a general task of 
relating different classes of models. A fruitful, and well-established method of 
solving this type of problems is provided by category theory, cf. [Il tij . Firstly, one 
should, for each class of models, come up with a suitable notion of morphism, and
thereby turn the class into a category. Then, the aim is to establish a functorial 
translation of objects and morphisms from one category to the other, and back. 
It is desirable that the functors obtained in this way are adjoint. This would, for 
instance, provide means of transportation of categorical constructions between 
the classes. Ideally, one of the classes turns out to be more abstract than the 
other. This, formally, takes the form of the adjunction being a (co-)reflection.
Existence of a (co-)reflection boils down to the observation that translating an 
abstract object to the less abstract category, and back, gives, essentially, the 
same abstract object again. To put it formally, the object thus obtained should 
be isomorphic to the original — the property often imposed in mathematically 
satisfactory formalizations of the fundamental problem of Petri net theory. 

The line of research described above was initiated in the 80s, and led by 
Winskel. As a result many models of distributed and concurrent computations 
were inter-related. In fact it was Winskel who first established a coreflection in 
the form required by the fundamental problem. But his solution worked only 
for unfoldings of concurrent behaviors on both sides, i.e., a coreflection was 
established between prime event structures and occurrence nets. 

In this paper we address the problem of finding a (maximally) concurrent 
realization of a reactive system within a categorical framework. Until now, all 
categorically motivated realization procedures looked for an adjunction between 
a category of abstract behaviors and a category of Petri nets, see 
As a result, in order to guarantee universality of the construction, the Petri 
nets constructed by the adjunctions tended to be huge, literally saturated with 
places. In practical applications this price for the universality seems too high. 
Thus, in order to work with smaller nets, the original regional construction m 
was ramified. The idea was to construct nets of the desired kind, and with a 
small or minimal number of places, see mm- To our knowledge, none of these 
constructions has been shown to have a categorical underpinning. 

Several novel ideas are put forward in this paper. 

First, a notion of concurrent realization of a reactive system is proposed. The 
idea is that the concurrency present in a Petri net taken as a realization should 
implement concurrency encoded in, or admissible for the given reactive system. 

Second, concurrent realizations of a given behavior are sought in the cate- 
gory of labelled Petri nets. Originally, see the problem of synthesis was to 
find a Petri net the transitions of which would be the actions of the synthesized
transition system. This is a severe restriction — even simple classes of nets, like
safe nets, when equipped with labellings can model behaviors which are beyond
the scope of unlabelled synthesis presented in Note, though, that
with labelling allowed one could end up with a trivial solution: each step be-
ing synthesized as a separate transition. Thus, it is the demand that the Petri 
nets taken as realizations, should also implement the concurrency present in the 
abstract behaviors that makes the problem non-trivial. 

Third, we show that the synthesis problem thus generalized can be solved uni-
formly for a large class of concurrent behaviors represented by concrete asyn-
chronous systems. In m Morin characterized concrete asynchronous systems as
products of the usual sequential transition systems in a suitable category. Our
idea is to utilize this characterization, and conduct synthesis of sequential sys-
tems only. Then, to obtain a realization of a concrete asynchronous system it is
enough to take the product of the sequential nets realizing its sequential components.
The justification comes from a result that states that the notion of realization
is consistent with products in both categories.

As a by-product, we offer a discussion of general morphisms of Petri nets, 
see 1^. The class, introduced independently and much earlier by Vogler in his 
studies of processes of nets (EHl), deserves to be known as much as the classes of 
morphisms introduced and studied by Winskel and Nielsen et al. (pni). 

General morphisms, we argue, are indispensable in the context of categorical 
synthesis of small nets. 

The paper is organized as follows. 

Sect. Q explains why should we care about morphisms at all. Then, Sect. 0 
discusses categories of Petri nets, and their morphisms in particular. Here, we 
explain in what sense the morphisms introduced by Vogler are general, and what 
does it mean that a labelled Petri net realizes a reactive system. Sect. 0 recalls 
the aforementioned work m of Morin on asynchronous systems decomposable 
as products of sequential ones. We also show how one can build realizations of 
concrete asynchronous systems and their morphisms. Finally, Sect. 0 provides 
some examples and indicates how one can go about finding concrete behaviors 
of reactive systems, and discusses our plans for further research in this area. 

Acknowledgments. We would like to acknowledge stimulating discussions with 
Philippe Darondeau, Wieslaw Pawlowski, Rafal Somla and Andrzej Tarlecki. 
Remarks of the anonymous referees helped us improve the presentation. 



2 Why Should We Care about Morphisms 

2.1 Reactive Systems, Their Categories and Properties 

A transition system $\mathbb{S}$ is a triple $\mathbb{S} = (S, A, T)$ where $S$ and $A$ are sets, while
$T \subseteq S \times A \times S$. Thus, a reactive system represented by a transition system $\mathbb{S}$ has
states — the elements of $S$. It is capable of reacting to some external actions — the
collection of all potential actions of $\mathbb{S}$ is $A$, also called the alphabet of $\mathbb{S}$. Finally,
at each state the system is capable of accepting/performing one of its actions and
thereby changing its state — this is captured by the transition relation $T$.

Let $\mathbb{S}$ be a transition system. Only finite transition systems are considered
in this paper, therefore $S$ and $A$ are finite sets.

We let $p$, $q$, etc., range over states, while $a$, $b$ and so on range over actions.
Usually, we write $p \xrightarrow{a} q$ whenever $(p, a, q) \in T$, and call it an $a$-step in $\mathbb{S}$. Then,
notation $p \xrightarrow{a}$, $p \overset{a}{\nrightarrow}$ and $p \to q$ is used to indicate that either $p \xrightarrow{a} q$ holds
in $\mathbb{S}$ for some $q$, or for none, or for some $a$, respectively. Various sub- and/or
super-scripts decorating transition systems are carried over to the components.
For instance, $A_2$ denotes the alphabet of $\mathbb{S}_2$, and so on. This convention applies
in the sequel to all structures and their components.

$\mathbb{S}$ is deterministic whenever $p \xrightarrow{a} q$ and $p \xrightarrow{a} r$ implies $q = r$. In the paper
we consider only deterministic transition systems.

Transition systems are often considered together with a designated initial
state $s \in S$. The set $R_{\mathbb{S}}$ of reachable states of such a pointed or initialized
transition system $(\mathbb{S}, s) = (S, s, A, T)$ is then inductively defined as the least set
such that $s \in R_{\mathbb{S}}$, and $q \in R_{\mathbb{S}}$ whenever $p \in R_{\mathbb{S}}$ and $p \to q$ in $\mathbb{S}$. A transition
system $\mathbb{S}$ is reachable whenever all its states are reachable, that is $S = R_{\mathbb{S}}$.

Given transition systems $\mathbb{S}_1$ and $\mathbb{S}_2$ their morphism $f$ is a pair $f = (\sigma, \lambda)$
where $\sigma : S_1 \to S_2$ is a total function, while $\lambda : A_1 \rightharpoonup A_2$ is a partial function,
which together preserve the transition relation of $\mathbb{S}_1$ in the following sense.

$p \xrightarrow{a} q$ and $\lambda a{\Downarrow}$ implies $\sigma(p) \xrightarrow{\lambda a} \sigma(q)$
$p \xrightarrow{a} q$ and $\lambda a{\Uparrow}$ implies $\sigma(p) = \sigma(q)$

Notation $\lambda a{\Downarrow}$, resp., $\lambda a{\Uparrow}$, above indicates that $\lambda a$ is defined, resp., undefined.
When $\mathbb{S}_1$ and $\mathbb{S}_2$ are initialized, $f$ also preserves the initial states, i.e., $\sigma(s_1) = s_2$.
This yields a category TS of transition systems, when composition of mor-
phisms is defined componentwise and with pairs of identity functions as the
identity morphisms. All transition systems considered in the sequel are assumed
to be initialized. Subclasses of deterministic, reachable, and deterministic-and-
reachable transition systems define important subcategories: dTS, rTS and
drTS, respectively. There is also an evident functor $\mathcal{R}e$ : TS $\to$ rTS that,
given $\mathbb{S}$, produces its reachable subsystem $\mathcal{R}e(\mathbb{S}) = (R_{\mathbb{S}}, s, A, T \cap (R_{\mathbb{S}} \times A \times R_{\mathbb{S}}))$.
It cuts down to subcategories with deterministic systems.
Intuitively, a morphism $f : \mathbb{S} \to \mathbb{S}'$ explains how the dynamic activity in $\mathbb{S}$ is
simulated in $\mathbb{S}'$. The dynamic behavior of transition systems is often character-
ized by means of properties expressible in a modal logic. Then, the existence of
a morphism like $f$, with $f = (\sigma, \lambda)$, is a proof that the following hold.

— Modulo $\lambda$, the liveness properties valid in $\mathbb{S}$ also hold in $\mathbb{S}'$, i.e., what is
possible for $\mathbb{S}$, is also possible for $\mathbb{S}'$.

— Modulo $\lambda$, the safety properties valid in $\mathbb{S}'$, are also valid in $\mathbb{S}$. Thus, $\mathbb{S}$ cannot
do what is forbidden for $\mathbb{S}'$, i.e., all inevitable properties of $\mathbb{S}'$ hold in $\mathbb{S}$.

To substantiate the above claims let us consider a simple modal language. 

2.2 A Simple Language of Modal Properties 

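The set $ML^{\Diamond\Box}(A)$ of formulae of the language, ranged over by $\varphi$ and $\psi$, is
defined by the following grammar.

$\varphi ::= \mathit{true} \mid \mathit{false} \mid \varphi \wedge \psi \mid \varphi \vee \psi \mid \Diamond\varphi \mid \Box\varphi \mid \mathit{accept}^a \mid \mathit{refuse}^a$

The construction of $ML^{\Diamond\Box}(A)$ is parameterized with the choice of alphabet $A$
of actions in the sense that each action $a$ in $A$ induces atomic formulae $\mathit{accept}^a$
and $\mathit{refuse}^a$.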
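Each transition system $\mathbb{S}$ can be treated as a Kripke frame on which modal
formulae can be interpreted, see m- The formal interpretation of $ML^{\Diamond\Box}(A)$ is
presented in Table 1.

Table 1. The interpretation of $ML^{\Diamond\Box}(A)$

  $s \models \mathit{true}$   always
  $s \models \mathit{false}$   never
  $s \models \varphi \wedge \psi$   iff   $s \models \varphi$ and $s \models \psi$
  $s \models \varphi \vee \psi$   iff   $s \models \varphi$ or $s \models \psi$
  $s \models \mathit{accept}^a$   iff   $s \xrightarrow{a}$
  $s \models \mathit{refuse}^a$   iff   $s \overset{a}{\nrightarrow}$
  $s \models \Diamond\varphi$   iff   $s \to^* t$ and $t \models \varphi$ for some $t$
  $s \models \Box\varphi$   iff   $s \to^* t$ implies $t \models \varphi$ for all $t$

Where $s \to^* t$ means $s = s_0 \to \cdots \to s_n = t$ for a possibly empty sequence of actions.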



Let $ML^{\Diamond}(A)$ be the subset of $ML^{\Diamond\Box}(A)$ obtained by removing all formulae
which contain a sub-formula of the form $\Box\varphi$ or $\mathit{refuse}^a$. Similarly, $ML^{\Box}(A)$ is
obtained by removing formulae containing $\Diamond\varphi$ or $\mathit{accept}^a$.

Formulae in $ML^{\Diamond}(A)$ are existential in nature. If a system satisfies a formula
$\mathit{accept}^a$ then it is capable of performing action $a$. Similarly, if the system satisfies
$\Diamond\varphi$ then during its evolution it may reach a state in which $\varphi$ will be satisfied.
Conversely, formulae in $ML^{\Box}(A)$ are universal in nature. If the system satisfies
formula $\Box\varphi$ it will always preserve $\varphi$ during its evolution. If it satisfies $\mathit{refuse}^a$
then there is no way in which it can perform action $a$.

Consequently, formulae in $ML^{\Diamond}(A)$ and $ML^{\Box}(A)$ are identified as liveness
and safety properties, respectively.

Now, each partial function $\lambda : A \rightharpoonup A'$ induces a translation, also denoted $\lambda$,
of formulae in $ML^{\Diamond\Box}(A)$ to formulae in $ML^{\Diamond\Box}(A')$ given in Table 2. Clearly, the
translation cuts down to translations between liveness, resp., safety formulae.



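Table 2. Lifting a partial function on actions to translation on formulae

  $\lambda\,\mathit{true} = \mathit{true}$
  $\lambda\,\mathit{false} = \mathit{false}$
  $\lambda(\varphi \wedge \psi) = \lambda\varphi \wedge \lambda\psi$
  $\lambda(\varphi \vee \psi) = \lambda\varphi \vee \lambda\psi$
  $\lambda(\Diamond\varphi) = \Diamond\lambda\varphi$
  $\lambda(\Box\varphi) = \Box\lambda\varphi$
  $\lambda(\mathit{accept}^a) = \mathit{accept}^{\lambda a}$ if $\lambda a{\Downarrow}$, and $\mathit{true}$ if $\lambda a{\Uparrow}$
  $\lambda(\mathit{refuse}^a) = \mathit{refuse}^{\lambda a}$ if $\lambda a{\Downarrow}$, and $\mathit{false}$ if $\lambda a{\Uparrow}$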



With the machinery introduced above it is now possible to formally capture 
the intuitive explanation of the role of morphisms of transition systems with 
respect to the modal/temporal properties enjoyed by their sources and targets. 
To strengthen the results let us introduce a class of special morphisms that
generalizes Park’s idea of bisimulation between transition systems.

Morphism $f : \mathbb{S} \to \mathbb{S}'$ is a zig-zag whenever $\lambda$ is a bijection, and $\sigma(p) \xrightarrow{a'} r$
in $\mathbb{S}'$ implies the existence of $q$ and $a$ such that $\sigma q = r$, $\lambda a = a'$ and $p \xrightarrow{a} q$ in
$\mathbb{S}$.



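Proposition 1. Let $(\sigma, \lambda) : \mathbb{S} \to \mathbb{S}'$. Then, the following hold.

  $s \models \varphi$   implies   $\sigma s \models \lambda\varphi$   for $\varphi \in ML^{\Diamond}(A)$
  $s \models \varphi$   whenever   $\sigma s \models \lambda\varphi$   for $\varphi \in ML^{\Box}(A)$
  $s \models \varphi$   iff   $\sigma s \models \lambda\varphi$   for $\varphi \in ML^{\Diamond\Box}(A)$, provided $f$ a zig-zag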



The proof of the above is elementary, and in fact the result is stated here as an 
instance of a large family of similar results which can be found in the literature 
for each possible modal or temporal logic of properties of reactive systems, see 
for instance ^21 Thm. 11.3]. 

The above proposition can be applied either to show that a given system $\mathbb{S}$
enjoys a liveness property, or that it satisfies a safety property. In the former
case, one can try to find a morphism $f : \mathbb{T} \to \mathbb{S}$ from a simple ‘test’ system
$\mathbb{T}$ that satisfies, modulo the translation, the required liveness property. In the
latter case, one would look for a morphism $f : \mathbb{S} \to \mathbb{T}$ to a ‘test’ system satisfying,
modulo the translation again, the interesting safety property.
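
The following Python sketch is an added example, not code from the paper: it implements the satisfaction relation of Table 1, the translation of Table 2 and the morphism conditions of Sect. 2.1, then checks Proposition 1 on two small systems. The systems `SRC` and `DST`, the maps `SIGMA` and `LAM`, and the tuple encoding of formulae are all constructed for this illustration.

```python
# Added example: constructed systems, not taken from the paper.
# A transition system is a dict with "init" and a set "T" of (p, a, q) steps.
# Formulae are tuples: ("true",), ("false",), ("and", f, g), ("or", f, g),
# ("dia", f), ("box", f), ("accept", a), ("refuse", a).

def reach(T, s):
    """All t with s ->* t, the empty sequence included."""
    seen, todo = {s}, [s]
    while todo:
        p = todo.pop()
        for (x, _, q) in T:
            if x == p and q not in seen:
                seen.add(q)
                todo.append(q)
    return seen


def sat(ts, s, phi):
    """Satisfaction relation of Table 1 at state s."""
    op = phi[0]
    if op in ("true", "false"):
        return op == "true"
    if op == "and":
        return sat(ts, s, phi[1]) and sat(ts, s, phi[2])
    if op == "or":
        return sat(ts, s, phi[1]) or sat(ts, s, phi[2])
    if op in ("accept", "refuse"):
        enabled = any(p == s and a == phi[1] for (p, a, _) in ts["T"])
        return enabled if op == "accept" else not enabled
    if op == "dia":
        return any(sat(ts, t, phi[1]) for t in reach(ts["T"], s))
    if op == "box":
        return all(sat(ts, t, phi[1]) for t in reach(ts["T"], s))
    raise ValueError(f"unknown connective {op!r}")


def translate(lam, phi):
    """Translation of Table 2; lam is a dict (a partial function on actions)."""
    op = phi[0]
    if op in ("true", "false"):
        return phi
    if op in ("and", "or"):
        return (op, translate(lam, phi[1]), translate(lam, phi[2]))
    if op in ("dia", "box"):
        return (op, translate(lam, phi[1]))
    if op in ("accept", "refuse"):
        if phi[1] in lam:
            return (op, lam[phi[1]])
        # undefined action: accept becomes true, refuse becomes false
        return ("true",) if op == "accept" else ("false",)
    raise ValueError(f"unknown connective {op!r}")


def is_morphism(src, dst, sigma, lam):
    """Check that (sigma, lam) preserves steps and the initial state."""
    if sigma[src["init"]] != dst["init"]:
        return False
    for (p, a, q) in src["T"]:
        if a in lam:
            if (sigma[p], lam[a], sigma[q]) not in dst["T"]:
                return False
        elif sigma[p] != sigma[q]:
            return False
    return True


# Constructed source system: a three-step cycle 0 -a-> 1 -t-> 2 -b-> 0.
SRC = {"init": 0, "T": {(0, "a", 1), (1, "t", 2), (2, "b", 0)}}
# Constructed target: u -c-> v -d-> u, plus a loop v -e-> v.
DST = {"init": "u", "T": {("u", "c", "v"), ("v", "d", "u"), ("v", "e", "v")}}
SIGMA = {0: "u", 1: "v", 2: "v"}      # total on states
LAM = {"a": "c", "b": "d"}            # undefined on the internal action t

LIVE = ("dia", ("accept", "b"))                           # liveness formula
SAFE = ("box", ("or", ("refuse", "a"), ("refuse", "b")))  # safety formula


def demo():
    return {
        "morphism": is_morphism(SRC, DST, SIGMA, LAM),
        # liveness travels forward along the morphism
        "live_src": sat(SRC, 0, LIVE),
        "live_dst": sat(DST, "u", translate(LAM, LIVE)),
        # safety travels backward
        "safe_dst": sat(DST, "u", translate(LAM, SAFE)),
        "safe_src": sat(SRC, 0, SAFE),
        # the converse directions fail at state 1, whose image is v
        "refuse_b_src": sat(SRC, 1, ("refuse", "b")),
        "refuse_d_dst": sat(DST, "v", translate(LAM, ("refuse", "b"))),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The last two entries show why the direction matters: state 1 refuses `b`, yet its image `v` accepts `d`, so a safety property of the source says nothing about the target.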

In the sequel we turn to the problem of the concurrent realization of reactive
systems. The above discussion, and Prop. 1 in particular, should justify our
interest in the question of realization of morphisms as well.



3 Concurrent Realizations of Reactive Systems 

In this section the notion of asynchronous system is recalled, and put forward 
as a formalization of the idea of concurrent behavior of reactive systems. We 
also recall the notion of labelled safe Petri net, to be used as the concurrent 
realizations. Then, a formal definition of the idea of a labelled Petri net real- 
izing concurrent behavior of a reactive system represented as an asynchronous 
system is proposed. We discuss how difficult it is to efficiently synthesize con-
current behaviors of reactive systems as labelled Petri nets, and to synthesize 
their morphisms at the same time. 

3.1 Asynchronous Systems 

Asynchronous systems were introduced in 1986, independently by Shields and
one of the authors, see [2413) . The idea was to generalize the notion of transition
system so that concurrency gets reflected in the model.

An asynchronous system $\mathbb{A}$ is a pair $\mathbb{A} = (\mathbb{S}, \parallel)$ where $\mathbb{S}$ is a deterministic
transition system, and $\parallel \subseteq A \times A$ is an irreflexive and symmetric binary relation
of independence defined on the alphabet of $\mathbb{S}$. The transition system underlying
the asynchronous system should satisfy the following swap property with respect
to the independence relation.

$p \xrightarrow{a} q \xrightarrow{b} r$ and $a \parallel b$ implies $p \xrightarrow{b} s \xrightarrow{a} r$ for some $s \in S$. (1)

The swap property is intended to capture an idea that can be traced back to 
Mazurkiewicz, ini, that often concurrent execution of actions can be faithfully
represented by independence of the actions. This, rather restrictive view, does 
not work well for all categories of concurrent devices. It does work, though, for 
an important class of safe Petri nets. As a result, Mazurkiewicz traces qualify as 
computations of asynchronous systems, cf. |3]. 

In the sequel only initialized asynchronous systems are considered, i.e., we
assume that the underlying transition system of each asynchronous system is
initialized. Given asynchronous systems $\mathbb{A}$ and $\mathbb{A}'$ their morphism $f : \mathbb{A} \to \mathbb{A}'$ is
a morphism of the underlying initialized transition systems such that $\lambda$ preserves
independence in the following sense.

$\lambda a{\Downarrow} \wedge \lambda b{\Downarrow} \wedge a \parallel b$ implies $\lambda a \parallel' \lambda b$ (2)

Asynchronous systems with morphisms defined above form a category AS.

Intuitively, the larger the independence relation, the more concurrent is the
system. Consequently, asynchronous systems with empty independence relation
may well be called sequential systems. Note that condition (2) is trivially satisfied
by morphisms with a sequential system as the source. Therefore, the full subcat-
egory of sequential systems is isomorphic to the category dTS of deterministic
transition systems. We identify them in the sequel.

Clearly, a restriction of the independence relation of an asynchronous system 
preserves the validity of the swap condition. Thus, there is an evident forgetful 
functor that maps an asynchronous system to its underlying transition system. It 
is not difficult to verify that, under the identification, dTS becomes a coreflective 
subcategory of AS. 

3.2 (Labelled) Petri Nets 

Most of the material presented here and in the following sections is standard, 
cf. 1^. It is presented to make the paper self-contained and to fix the notation. 

Let $\omega$ denote the set of natural numbers. Given a finite set $X$, a multiset on
$X$ is a function $M : X \to \omega$. In this paper only multisets over finite sets are
considered. The set of all multisets on $X$ is denoted $\mu X$. Relation $M' \le M$,
sum $M + M'$, and difference $M - M'$, are defined argumentwise, the latter is
defined only under proviso $M' \le M$. Subsets of $X$, qua characteristic functions,
are identified with multisets in $\mu X$. Thus, elements of $X$, as singleton subsets
of $X$, also live in $\mu X$, empty set $\emptyset$ is the empty multiset, finally, intersection $\cap$
and union $\cup$ of sets are conservatively extended to multisets as argumentwise
minimum and maximum, respectively.

A multirelation $\beta : B \to B'$ is a multiset on $B \times B'$. By abuse of notation,
a multirelation $\beta$ is identified with a unique function $\beta : \mu B \to \mu B'$ defined
by $(\beta M)b' = \sum_{b \in B} \beta bb' \cdot Mb$. As functions, multirelations are monotone and
additive, i.e., satisfy $\beta(M + M') = \beta M + \beta M'$ and $\beta\emptyset = \emptyset$. In fact, every additive
function comes this way. The transpose of $\beta$ is a multirelation $\beta^{T} : B' \to B$
defined by $\beta^{T} b'b = \beta bb'$.

A finite Petri net is a structure $\mathbb{N} = (B, E, F)$ where $B$ and $E$ are finite
disjoint sets of places and events, respectively, while $F : \mu(B \times E \cup E \times B)$ is a
flow multirelation. A Petri net $\mathbb{N}$ is marked if, additionally, it is equipped with
a marking $M \in \mu B$ called the initial marking of $\mathbb{N}$.

We let $e$ range over $E$, $b$ range over $B$, $M$ range over $\mu B$ and $\gamma$ range over $\mu E$.
Notation $b{\bullet}e$ for $F(b, e)$ and $e{\bullet}b$ for $F(e, b)$ is often used. Also, taking the view of
a multirelation as an additive function, we use ${}^{\bullet}e$ and $e^{\bullet}$ to denote the multisets
of preconditions and postconditions of $e$, respectively. These, by additivity, are
defined for arbitrary $\gamma \in \mu E$.

Firing relation $\_\,[\_\rangle\,\_$ on $\mu B \times \mu E \times \mu B$ is defined by: $M\,[\gamma\rangle\,M'$ iff ${}^{\bullet}\gamma \le M$
and $M' = M - {}^{\bullet}\gamma + \gamma^{\bullet}$. We write $M\,[\gamma\rangle$, and say $\gamma$ is enabled at $M$, if ${}^{\bullet}\gamma \le M$.

The case graph of a Petri net $\mathbb{N}$ is a transition system $Cg(\mathbb{N}) = (\mu B, E, T)$,
where $M \xrightarrow{e} M'$ in $Cg(\mathbb{N})$ iff $M\,[e\rangle\,M'$. Thus, in the case graph all information
about the concurrent execution of events in $\mathbb{N}$ is neglected. The case graph
of a marked Petri net is defined as $Cg(\mathbb{N}, M) = \mathcal{R}e(Cg(\mathbb{N}), M)$. Thus, only the
reachable markings are considered as states. Let us recall that the set of reachable
markings, denoted by $\mathcal{M}$, is the least set of markings such that $M \in \mathcal{M}$ and
$M_2 \in \mathcal{M}$ whenever $M_1 \in \mathcal{M}$ and $M_1\,[e\rangle\,M_2$ for some $e$.

A marked Petri net $\mathbb{N}$ is safe if $M$ is a set, and $e \in E$, $M$ reachable and
$M\,[\gamma\rangle$ imply that ${}^{\bullet}e$, $e^{\bullet}$, $M$ and $\gamma$ are sets. A state machine is a safe Petri net in
which all these sets are singletons.

A labelled Petri net is a structure $\mathbb{L} = (\mathbb{N}, A, \ell)$ where $\mathbb{N}$ is a Petri net, the
underlying Petri net of $\mathbb{L}$, $A$ is a set of actions, ranged over by $a$, and $\ell : E \to A$
is a labelling function. If $\mathbb{N}$ is marked then $\mathbb{L}$ is a marked labelled Petri net.

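The case graph $Cg(\mathbb{L})$ of a labelled net $\mathbb{L}$ is a transition system $(\mu B, A, T)$
where $T$ is the least relation on $\mu B \times A \times \mu B$ that satisfies: $M\,[e\rangle\,M'$ implies
$M \xrightarrow{\ell e} M'$. If $\mathbb{L}$ is marked, then $Cg(\mathbb{L}, M) = \mathbb{R}e(Cg(\mathbb{L}), M)$.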

3.3 Morphisms of (Labelled) Petri Nets 

The notion of a morphism used in this paper was introduced by Vogler already
in 1991, see m. His idea was to extend the notion of a process of safe nets
to arbitrary P/T-nets. For that purpose it turned out that a new notion, more
general than the one earlier introduced by Winskel, is useful.

Unaware of this research we have rediscovered and studied the same notion
in jSj. Our goal was to find a simple functorial realization of a sequential system
as a labelled state machine, see Proposition 7. It turns out that this task cannot
be achieved with the simpler notion of morphism introduced by Winskel.

Definition 1. Let $\mathbb{N}$ and $\mathbb{N}'$ be Petri nets. A general morphism $f : \mathbb{N} \to \mathbb{N}'$ is
a pair $f = (\beta, \eta)$ where $\eta : E \to E'$ is a partial function and $\beta : \mu B \to \mu B'$ is a
multirelation which together fulfill the following conditions.

1. ${}^\bullet(\eta e) \le \beta({}^\bullet e)$.

2. $\beta(e^\bullet) = \beta({}^\bullet e) - {}^\bullet(\eta e) + (\eta e)^\bullet$.

If the nets are marked then, additionally, $f$ should preserve the initial marking.

3. $\beta M = M'$.

In the definition above, the partial function $\eta$ is lifted to a multirelation. Then,
in particular, $\eta e = 0$ whenever $\eta$ is undefined on $e$. If this is the case, condition 2
simplifies to $\beta(e^\bullet) = \beta({}^\bullet e)$.

The terminology general morphism is justified by Proposition 3 which shows
that this class of morphisms is in a sense optimal. First, though, let us verify
that what we obtain is a category, denoted PN in the sequel.

Proposition 2. Petri nets and general morphisms form a category. 

Proof. Obviously, the pair of identity functions (qua partial function and
multirelation, respectively) form a morphism of Petri nets.

Conditions 1 and 2 can be checked by easy calculations. For marked nets,
the composition of multirelations fulfills also condition 3. □

Conditions 1 and 2 of Definition 1 together guarantee that general morphisms
map steps in the source net into steps in the target net.

Lemma 1. Let $(\beta, \eta) : \mathbb{N} \to \mathbb{N}'$ be a morphism in PN. Then $M_1\,[e\rangle\,M_2$ in $\mathbb{N}$
implies $\beta M_1\,[\eta e\rangle\,\beta M_2$ in $\mathbb{N}'$.

Proof. Let $M_1\,[e\rangle\,M_2$ in $\mathbb{N}$, i.e., ${}^\bullet e \le M_1$ and $M_2 = M_1 - {}^\bullet e + e^\bullet$. Then, $\beta({}^\bullet e) \le \beta M_1$
and $\beta M_2 = \beta M_1 - \beta({}^\bullet e) + \beta(e^\bullet)$. By conditions 1 and 2 of Definition 1,
${}^\bullet(\eta e) \le \beta M_1$ and $\beta M_2 = \beta M_1 - {}^\bullet(\eta e) + (\eta e)^\bullet$, i.e., $\beta M_1\,[\eta e\rangle\,\beta M_2$. □

Interestingly, the converse to Lemma 1 also holds.

Proposition 3. Let $\mathbb{N}$, $\mathbb{N}'$ be Petri nets, while $\beta : \mu B \to \mu B'$ and $\eta : E \to E'$
satisfy the conclusion of Lemma 1. Then, $(\beta, \eta) : \mathbb{N} \to \mathbb{N}'$ in PN.

Proof. Clearly, ${}^\bullet e\,[e\rangle\,e^\bullet$ in $\mathbb{N}$. Thus, $\beta({}^\bullet e)\,[\eta e\rangle\,\beta(e^\bullet)$ by the conclusion of Lemma 1.
Now, conditions 1 and 2 follow by the definition of firing relation. □

Another way of reading Lemma 1 is that the general morphisms of Petri nets
give rise to morphisms between the corresponding case graphs.



Proposition 4. The case graph construction is a functor $Cg : \mathbf{PN} \to \mathbf{TS}$.

Proof. Immediate, by Lemma 1. □

Thus, Proposition 3 says that PN is the largest category of Petri nets with
morphisms given as pairs $f = (\beta, \eta)$ such that the case graph construction maps
$f$ to a morphism of transition systems.

The definition of morphisms of labelled Petri nets is obtained by adding
an additional component to cope with the labels.

Definition 2. A general morphism $f : \mathbb{L} \to \mathbb{L}'$ of labelled Petri nets is a triple
$f = (\beta, \eta, \lambda)$ where $(\beta, \eta)$ is a general morphism of the underlying nets, and
$\lambda : A \to A'$ is a partial function such that the following strong equality holds.

4. $\lambda \circ \ell = \ell' \circ \eta$.

It is immediate to verify that labelled Petri nets with their morphisms constitute
a category, denoted $\mathcal{L}$PN in the sequel. The following generalization of
Proposition 4 also holds.

Proposition 5. The case graph construction on labelled nets, extended with
$Cg((\beta, \eta, \lambda)) = (\beta, \lambda)$ gives a functor $Cg : \mathcal{L}\mathbf{PN} \to \mathbf{TS}$. □

3.4 Comparison with Winskel’s Definition 

It seems that Reisig was the first to view Petri nets as 2-sorted algebras. The sort 
of places lives in the category of multisets, with multirelations (additive func- 
tions) as morphisms. The sort of events lives in the category of partial functions. 
Operations are: pre- and post-conditions and, for marked nets, initial marking. 

In [2?SI29j Winskel proposed that morphisms of nets should be (presentations 
of) homomorphisms of such algebras. Consequently, a pair $(\beta, \eta)$ as in
Definition 1 is a Winskel morphism if it satisfies the following condition.

— ${}^\bullet(\eta e) = \beta({}^\bullet e)$ and $(\eta e)^\bullet = \beta(e^\bullet)$.

Morphisms of marked nets preserve the initial marking as well: $\beta M = M'$.

It has been shown in |2H1 that Winskel morphisms satisfy Lemma 1. In fact,
the following is immediate.

Proposition 6. Every Winskel morphism is a general morphism. □ 




Fig. 1. General, non-Winskel morphism 

The converse does not hold. To see this consider Fig. 1. It depicts a general
morphism of marked Petri nets, let us call it $(\beta, \eta)$, which is not a Winskel
morphism since $0 = {}^\bullet(\eta e_1) < \beta({}^\bullet e_1)$. In fact, it is easy to see that there is no
Winskel morphism $f$ such that $Cg(f) = Cg((\beta, \eta))$.
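
The conditions of Definition 1, Winskel's stronger condition and the step preservation of Lemma 1 can be checked mechanically on small nets. The Python code below is an added example, not code from the paper: the two nets, the dictionary encoding and all function names are constructed for illustration (Fig. 1 itself is not reproduced), with one source event erased so that $0 = {}^\bullet(\eta e) < \beta({}^\bullet e)$ holds for it.

```python
from collections import Counter

def norm(ms):
    """Drop zero entries so multisets compare by content."""
    return {k: v for k, v in ms.items() if v}

def leq(small, big):
    """Multiset inclusion: small <= big pointwise."""
    return all(big.get(k, 0) >= v for k, v in small.items())

def combine(base, minus, plus):
    """Compute base - minus + plus; the caller guarantees minus <= base."""
    out = Counter(base)
    out.subtract(minus)
    out.update(plus)
    return norm(out)

def lift(beta, ms):
    """Apply beta additively: (beta M)b' = sum over b of beta[b][b'] * M[b]."""
    out = Counter()
    for b, n in ms.items():
        for b2, k in beta.get(b, {}).items():
            out[b2] += n * k
    return norm(out)

def pre_post(net, event):
    """Pre- and postconditions of an event; both empty when eta is undefined."""
    if event is None:
        return {}, {}
    return net["pre"][event], net["post"][event]

def is_general(src, dst, beta, eta):
    """Conditions 1-3 of Definition 1 for marked nets."""
    for e in src["pre"]:
        pre_img, post_img = pre_post(dst, eta.get(e))
        b_pre, b_post = lift(beta, src["pre"][e]), lift(beta, src["post"][e])
        if not leq(pre_img, b_pre):                      # condition 1
            return False
        if b_post != combine(b_pre, pre_img, post_img):  # condition 2
            return False
    return lift(beta, src["init"]) == norm(dst["init"])  # condition 3

def is_winskel(src, dst, beta, eta):
    """Winskel's requirement: pre- and postconditions are preserved exactly."""
    for e in src["pre"]:
        pre_img, post_img = pre_post(dst, eta.get(e))
        if norm(pre_img) != lift(beta, src["pre"][e]):
            return False
        if norm(post_img) != lift(beta, src["post"][e]):
            return False
    return lift(beta, src["init"]) == norm(dst["init"])

def fire(net, marking, event):
    """M' with M [e> M', or None if e is not enabled; event None is the empty step."""
    pre, post = pre_post(net, event)
    return combine(marking, pre, post) if leq(pre, marking) else None

def steps_preserved(src, dst, beta, eta, limit=1000):
    """Conclusion of Lemma 1, checked on the reachable markings of src."""
    todo, seen = [norm(src["init"])], []
    while todo and len(seen) < limit:
        m1 = todo.pop()
        if m1 in seen:
            continue
        seen.append(m1)
        for e in src["pre"]:
            m2 = fire(src, m1, e)
            if m2 is None:
                continue
            if fire(dst, lift(beta, m1), eta.get(e)) != lift(beta, m2):
                return False
            todo.append(m2)
    return True

# Constructed nets: a three-place state machine mapped onto a two-place one.
SRC = {"pre": {"t1": {"s0": 1}, "t2": {"s1": 1}},
       "post": {"t1": {"s1": 1}, "t2": {"s2": 1}}, "init": {"s0": 1}}
DST = {"pre": {"v": {"u0": 1}}, "post": {"v": {"u1": 1}}, "init": {"u0": 1}}
BETA = {"s0": {"u0": 1}, "s1": {"u0": 1}, "s2": {"u1": 1}}
ETA = {"t2": "v"}                      # eta is undefined on t1
BAD_BETA = {"s0": {"u0": 1}, "s1": {"u1": 1}, "s2": {"u1": 1}}

if __name__ == "__main__":
    print("general:", is_general(SRC, DST, BETA, ETA))
    print("Winskel:", is_winskel(SRC, DST, BETA, ETA))
    print("steps preserved:", steps_preserved(SRC, DST, BETA, ETA))
    print("bad beta general:", is_general(SRC, DST, BAD_BETA, ETA))
```

With `BAD_BETA` both `is_general` and `steps_preserved` fail on the erased event, which is the equivalence stated by Lemma 1 together with Proposition 3.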

Another, more complex example, is presented on Fig. 2. It demonstrates
that the need to use general, non-Winskel morphisms does not depend on the
partiality of the event part of morphisms. The morphism on Fig. 2 explains how
the sequential execution of $e_1$'s and $e_2$'s in $\mathbb{N}_+$ can be simulated by a parallel
execution of $e_1$ and $e_2$ in $\mathbb{N}_\parallel$. The multirelation component $\beta$ of the morphism is
a relation. Clearly, the initial marking is preserved. The singleton initial marking
of net $\mathbb{N}_+$ is shared as the precondition of both $e'_1$ and $e'_2$. In the target net $\mathbb{N}_\parallel$,
the images of $e'_1$ and $e'_2$ do not have a common precondition. Thus, for example
the inequality ${}^\bullet(\eta e'_1) < \beta({}^\bullet e'_1)$ is strict. In fact, all inequalities are strict in this
case. Again, there is no such Winskel morphism from $\mathbb{N}_+$ to $\mathbb{N}_\parallel$.




Fig. 2. General morphism from $\mathbb{N}_+$ to $\mathbb{N}_\parallel$



3.5 Properties of Case Graph Functor 

Since nets are to serve as realizations of reactive systems, the latter represented as
transition systems, it is important to explain what it means that a net $\mathbb{N}$ realizes
a transition system $\mathbb{S}$. The answer put forward by Ehrenfeucht and Rozenberg
in their seminal paper was that $\mathbb{S}$ should be, up to inessential renaming of
components, equal to the case graph of $\mathbb{N}$. Formally, we demand equality up to an
isomorphism of transition systems, notation $Cg(\mathbb{N}) \cong \mathbb{S}$.

Thus, the problem of finding a realization of a reactive system could be cast
as the problem of finding a construction $Sn$ which, given a transition system $\mathbb{S}$,
synthesizes a net $Sn(\mathbb{S})$ such that $Cg(Sn(\mathbb{S})) \cong \mathbb{S}$. Ideally, $Sn : \mathbf{TS} \to \mathbf{PN}$ would
be a functor inverse to $Cg$. To see how hard the task of finding such a functor is, let
us consider two properties that $Cg$ could enjoy to make the task easier.

First, the case graph functor is not faithful. That is, given two Petri nets
$\mathbb{N}_1$ and $\mathbb{N}_2$ and a morphism $f : Cg(\mathbb{N}_1) \to Cg(\mathbb{N}_2)$ between their case graphs,
there can be many general Petri net morphisms $(\beta, \eta) : \mathbb{N}_1 \to \mathbb{N}_2$ such that
$f = Cg((\beta, \eta))$. To see an example consider a somewhat more saturated version
of $\mathbb{N}_+$ and the morphism from $\mathbb{N}'_+$ to $\mathbb{N}_\parallel$, all described on Fig. 3.




There is a morphism from $\mathbb{N}'_+$ to $\mathbb{N}_+$ which simply erases from the source
all places that are not present in the target. This morphism is mapped to an
isomorphism of the corresponding case graphs. Composing it with the morphism
presented on Fig. 2 yields another morphism from $\mathbb{N}'_+$ to $\mathbb{N}_\parallel$. Although different,
both morphisms are glued by the case graph functor.

Since $Cg$ is not faithful it follows that each inverse construction defined already
on transition systems would have to choose one of possibly many morphisms.
But the case graph functor is not full either, i.e., there are nets $\mathbb{N}_1$ and $\mathbb{N}_2$,
and a morphism of their case graphs $f : Cg(\mathbb{N}_1) \to Cg(\mathbb{N}_2)$ such that there is no
morphism $(\beta, \eta) : \mathbb{N}_1 \to \mathbb{N}_2$ so that $f = Cg((\beta, \eta))$. A counterexample follows.
Hence, the initial choice of the nets realizing a transition system has to be wise.

In the example on Fig. 4 both Petri nets have isomorphic case graphs. Yet, no
morphism from to $\mathbb{N}_+$ realizes the isomorphism between their case graphs.




Fig. 4. Two realizations of 



358 Marek A. Bednarczyk and Andrzej M. Borzyszkowski 



Indeed, assume there is a morphism $(\beta, \eta)$ : which maps $e_2$ in
to $e_2$ in . Then this morphism relates the only postcondition of $e_2$ in to
place $b_2$ as the only postcondition of $e_2$ in $\mathbb{N}_+$ as the following argument shows.
Condition 2 of Definition 1 implies $\beta({}^\bullet e_2) + b_2 = \beta(e_2^\bullet) + b_1$. So $\beta(e_2^\bullet) b_2 > 0$
follows from $b_1 \neq b_2$. The postcondition constituting $e_2^\bullet$ in belongs to the
initial marking. Thus, it may only be related to a place in the initial marking of
$\mathbb{N}_+$, and we arrive at a contradiction.

Incidentally, the isomorphism in the opposite direction from to
can be realized, cf. Sect. 4.4, but not as a Winskel morphism.



3.6 Labelled Petri Nets as Concurrent Realizations 
of Reactive Systems 

We have started this section by arguing that to talk about the concurrent real- 
ization of reactive systems one has to be able to express concurrency in the un- 
derlying formal model. Subsequently, asynchronous systems have been suggested 
as a suitable extension of transition systems. In accordance with the discussion in
Sect. 3.5 we insist that a net $\mathbb{N}$ realizing a given asynchronous system $\mathbb{A} = (\mathbb{S}, \parallel)$
should have its case graph isomorphic to the transition system underlying the
asynchronous system, i.e., $Cg(\mathbb{N}) \cong \mathbb{S}$. However, in most applications one is neither
interested in all markings of a Petri net, nor in all states of a transition
system. Most of the time people use initialized transition systems and marked 
Petri nets. Consequently, we restrict the requirement to the sets of reachable 
markings and states, respectively. In fact, this requirement has already been 
built into the definition of the case graph of a marked Petri net. 

Now, concurrency is represented on both sides. In a Petri net it even comes 
in two forms. Two events are structurally concurrent if their pre- and post- 
conditions are disjoint, while dynamic concurrency is the ability to execute a 
multiset of events at a reachable marking. Concurrency in an asynchronous sys- 
tem is the ability to perform two or more independent actions one after another, 
and so in any order. Thus, in order for a net to be a concurrent realization of 
an asynchronous system it should be the case that the concurrency represented 
on both sides agrees. The following definition intends to capture the above ideas
and is central to further developments. 

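Definition 3. A labelled marked net $\mathbb{L} = (\mathbb{N}, M, A, \ell)$ is called a realization
of a reachable asynchronous system $\mathbb{A} = (\mathbb{S}, \parallel)$, where $\mathbb{S} = (S, s, A, T)$, if the
following hold.

1. $Cg(\mathbb{L}) = (\mathcal{M}, M, A, [\_\rangle)$ equals $\mathbb{S}$ up to an isomorphism that is identity on
labels.

2. $M \in \mathcal{M}$ and $M\,[e_1 + e_2\rangle$ imply $\ell e_1 \parallel \ell e_2$;

3. $\ell e_1 \parallel \ell e_2$ implies $({}^\bullet e_1 \cup e_1^\bullet) \cap ({}^\bullet e_2 \cup e_2^\bullet) = \emptyset$.

A morphism $(\beta, \eta, \lambda) : \mathbb{L} \to \mathbb{L}'$ is a realization of a morphism $f : \mathbb{A} \to \mathbb{A}'$ of
asynchronous systems if $Cg((\beta, \eta, \lambda))$ equals (up to the isomorphism) $f$.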

The first condition above generalizes the usually accepted requirement that
the sequential case graph of a Petri net realization of a transition system should 
be isomorphic with this transition system, and that the alphabet of the transition 
system should play the role of the set of events in the net. 

Condition 2 says that the dynamic concurrency present in the realization
is always justified in the specification. 

Finally, condition 3 ensures that all events labelled as potentially concurrent
in the specification are structurally concurrent in the realization.

Without conditionOPI) the problem would admit a trivial solution. This is the 
case when one considers sequential systems. One can, for instance, disambiguate 
different occurrences of the same action by means of a labeling. Suppose that, 
together with the labeling, an elementary transition system is obtained in this 
way. Then one can apply the construction based on regions, cf. 1201, and carry 
the labeling over to thus synthesized elementary net. The result would be a 
labelled safe Petri net saturated with places, and with reachable markings as 
the distinguished family. 

Here, thanks to general morphisms of ['itildj . a simpler realization functor 
from sequential systems to labelled safe Petri nets is put forward. In practical 
applications, see Pj, it is better to work with Petri nets which are as small as 
possible. Thus, many synthesis techniques have been proposed which aim at 
minimizing the number of places in the synthesized net, cf. fmTTi| . None of 
these techniques, though, have been shown to be functorial, even for sequential 
systems. Our proposal is based on a simple kind of sequential nets known as state
machines. 

Formally, we define functor Sm returning a state machine for every transition 
system. Thus, by convention, we can consider Sm to be defined on all sequential 
(asynchronous) systems. 

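Definition 4. Let $\mathbb{S} = (S, s, A, T)$ be a transition system. Then $Sm(\mathbb{S})$ is a
labelled Petri net $(S, T, F, s, A, \ell)$ where ${}^\bullet(p \xrightarrow{a} q) = p$, $(p \xrightarrow{a} q)^\bullet = q$ and
$\ell(p \xrightarrow{a} q) = a$.

Let $(\sigma, \lambda) : \mathbb{S} \to \mathbb{S}'$ be a morphism of transition systems. Then the morphism
of labelled Petri nets is defined as $Sm((\sigma, \lambda)) = (\sigma, \eta, \lambda) : Sm(\mathbb{S}) \to Sm(\mathbb{S}')$.
Here $\eta : T \to T'$ fulfills $\eta(p \xrightarrow{a} q) = \sigma p \xrightarrow{\lambda a} \sigma q$ if $\lambda a$ is defined and undefined
otherwise.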



Proposition 7. $Sm$ is a realization functor for sequential asynchronous systems.

Proof. Obviously, $Cg(Sm((\mathbb{S}, \emptyset))) = \mathbb{S}$ and $Cg(Sm((\sigma, \lambda))) = (\sigma, \lambda)$. □

The functoriality of the construction hinges on the use of general morphisms. In 
fact, general morphisms were introduced precisely to achieve this functoriality. 
If a morphism between transition systems is total on actions, i.e., synchronous 
in Winskel’s terminology, then this morphism, qua a Petri net morphism, is a 
Winskel morphism. 

Since d, which has introduced the idea of region, the problem of synthesis
of nets from transition systems has received a lot of attention. Here, ^ serves as 
a recent account on the developments in theoretical net synthesis based on the 
theory of regions. Yet, to our knowledge, all theoretical approaches to synthesis 
have always sought to reconstruct the actions of a transition system as the 
events of the synthesized net. As a result, the theoretical synthesis has limited 
applicability, i.e., not all transition systems can be synthesized. For instance the 
transition system S with transitions s p\ p2 and s — ^ qi q2, and 
with p2 yf 92) is not synthesizable within this framework. 

This is in marked contrast to more practical approaches, see ISEE 8 ) which 
strive always to provide a solution, even at a price of resorting to heuristics. One 
of the techniques used in tools like Petrify ( 0 ), when the theoretical synthesis 
fails, is action splitting in the elaborated transition system. Then, the process 
of theoretical synthesis can be applied to the modified transition system with 
better chances of success. Action splitting is nothing else than introduction of 
an implicit labelling of events. From this perspective, introduction of the la- 
belling into the definition of concurrent realization can be seen as a step towards 
reconciliation of the theoretical approach with the practical needs. 

Our notion of concurrent realization is very general. In particular, it ad- 
mits arbitrary labelled marked Petri nets as potential concurrent realizations of 
asynchronous systems. In fact, without too much work the notion can be gen- 
eralized even further to allow classes of concurrent behaviors more general than 
asynchronous systems, see e.g., HIES]. 

On the other hand, the addition of labelling makes even a small class of safe 
nets very expressive. The category of safe Petri nets is attractive to work with 
since it admits many constructions, cf. Therefore, in the next sections 

of the paper we develop a theory in which labelled safe Petri nets serve as the 
pool in which concurrent realizations are sought. 

4 Concurrent Realizations of Concrete Asynchronous Systems

In this section the notion of a concrete asynchronous system is recalled, and 
some recent refinements and results are presented. Then, we show that arbitrary 
finite diagrams in the full subcategory of concrete asynchronous systems admit 
systematic realization in the category of safe labelled Petri nets. 

4.1 Concrete Asynchronous Systems 

Recently, see m, Morin has provided a characterization of those asynchronous 
systems which are isomorphic to the mixed products of sequential systems com- 
puted in a subcategory of reachable asynchronous systems. 

It all starts with a choice of suitable morphisms. Recall that in Def. 3(1) we
insisted that the morphism does not rename the actions. This property character- 
izes the notion of morphism used by Morin. Formally speaking, morphisms used 
in m do not constitute a subclass of morphisms studied in IHEOj, as recalled in
Sect. 3.1 since their state part is often partial, defined on the reachable states
only. The following modification rectifies this minor difference, but it should be 
kept in mind when we recall Morin’s results. The terminology used follows 0. 

A morphism $f : \mathbb{S} \to \mathbb{S}'$ of transition systems is rigid whenever $A \supseteq A'$ and
$\lambda : A \to A'$ is the partial identity transposed to this inclusion, i.e., $\lambda a = a$ iff
$a \in A'$, and undefined otherwise. A morphism of asynchronous systems is rigid
iff it is a rigid morphism of the underlying transition systems.

One can easily verify that the class of rigid morphisms includes identities, and 
is closed under composition. Hence, asynchronous systems with rigid morphisms 
form a subcategory AS’’ of AS. 

Note that transition systems S and §' are rigid isomorphic, notation S ~ §', 
iff both share the same alphabet and if there exist a bijection between their 
states which preserves and reflects the transition relation. In the sequel we often 
consider rigid isomorphisms up to reachable parts, notation § rZ §', defined by 
IRe(S) ~ Ike(S'). Thus, Def. 0P) could now be restated as Cg{Z) ~ §. 

Asynchronous systems A and Al are rigid isomorphic, notation A ~ A', iff 
§ ~ S' and both share the same independence. Similar characterization applies 
to A ^ A' defined by Ike (A) ~ Ike (A'). 

In Morin has shown that the category of asynchronous systems with rigid 
morphisms admits products, called mixed for historical reasons, cf. H3|. 

The mixed product of a family (A)ig/ of asynchronous systems, denoted 
Ai, is an asynchronous system (n II), where 

- $(p_i)_{i \in I} \xrightarrow{a} (q_i)_{i \in I}$ iff either $a \in A_i$ and $p_i \xrightarrow{a}_i q_i$, or $a \notin A_i$ and $p_i = q_i$,

— $a \parallel b$ iff $a \parallel_i b$ whenever $\{a, b\} \subseteq A_i$.

Thus, an a-step in the product comes about by a synchronous execution of a- 
steps in all components with a in their alphabets, while the other components 
remain idle. 

The reader should note that when all the components of a product are se- 
quential the independence in the product is rather special. Namely, two actions 
are independent in the product iff they never occur in the same component. 

The $k$th projection $\pi_k : \prod_{i \in I} \mathbb{A}_i \to \mathbb{A}_k$ consists of the $k$th projection on
states, and the partial function transpose to the inclusion $A_k \subseteq \bigcup_{i \in I} A_i$. Now,
we can quote the following result proved in cni Lemma 1.3].

Proposition 8. Mixed products with their projections are categorical products 
in the category of asynchronous systems with rigid morphisms. □ 

An asynchronous system A is concrete if there exists a family of sequential 
asynchronous systems {Ai)i^i such that A ~ Ai. 

As an example consider two sequential asynchronous systems, one with tran- 
sitions p q and p q' and the other one with transitions r AA r' r". 
Their mixed product contains unreachable states, see Fig. 00 Both, this prod- 
uct and its reachable part, are considered concrete. 

Now, let $A$ be a set and $\parallel$ an independence relation on $A$. We let $Q = Q(A, \parallel)$
be the family of all cliques of dependent actions, $Q = \{\Delta \subseteq A \mid (\Delta \times \Delta) \subseteq \nparallel\}$.
The subfamily of maximal cliques is denoted by $X$.

Let $\mathbb{A} = (S, s, A, T, \parallel)$ be an asynchronous system. Given $\Delta \subseteq A$, one defines
an equivalence relation on $S$, also denoted by $\Delta$, as the least equivalence relation
such that the following holds.

— $p \xrightarrow{a} q$ and $a \notin \Delta$ implies $p \mathrel{\Delta} q$.

— $p \mathrel{\Delta} r$ and $p \xrightarrow{a} q$ and $r \xrightarrow{a} s$ implies $q \mathrel{\Delta} s$.

The construction above allows one to consider quotients of asynchronous systems.
Let $\Delta \in Q(A, \parallel)$. Then, a $\Delta$-quotient of an asynchronous system $\mathbb{A} =
(S, s, A, T, \parallel)$ is the quotient sequential system $\kappa_\Delta(\mathbb{A}) = (S/\Delta, [s]_\Delta, \Delta, T_\Delta, \emptyset)$,
where $T_\Delta$ is the least relation such that $p \xrightarrow{a} q$, $a \in \Delta$, implies $[p]_\Delta \xrightarrow{a} [q]_\Delta$.
Above, and in the sequel, $[s]_\Delta$ stands for the class of states $\Delta$-equivalent to
$s$. Each quotient $\kappa_\Delta(\mathbb{A})$ comes with a rigid quotient morphism $[\_] : \mathbb{A} \to \kappa_\Delta(\mathbb{A})$
given on states by $s \mapsto [s]_\Delta$. The assumption $\Delta \in Q(A, \parallel)$ is necessary and
sufficient to ensure that the morphism preserves independence relation, cf. 0).

Morin has shown, cf. na Lemma 2.2], that (the reachable part of) a mixed 
product of sequential systems is isomorphic to (the reachable part of) the mixed 
product of its quotients. 

Lemma 2. Put A = nie/ Ai, and let Ai denote the alphabet of Ai, for i G I. 
Then A Hie / (-4) • □ 

Let M C Q be a family of cliques of the dependence relation jj' of an asyn- 
chronous system A. Consider the following properties. 

state-state $M$-separation: $p \neq q$ implies $(\exists \Delta \in M)\ [p]_\Delta \neq [q]_\Delta$ (3)

state-action $M$-separation: $p \overset{a}{\nrightarrow}$ implies $(\exists \Delta \in M,\ a \in \Delta)\ [p]_\Delta \overset{a}{\nrightarrow}$ (4)

$M$ fully captures $\parallel$: $a \nparallel b$ implies $(\exists \Delta \in M)\ \{a, b\} \subseteq \Delta$ (5)

Now, the two $M$-separation axioms (3) and (4) provide a simple criterion for
deciding when a reachable asynchronous system is concrete, cf. ^3 Thm. 2.3].

Theorem 1 (Morin). A reachable asynchronous system $\mathbb{A}$ is concrete iff there
exists a family $M \subseteq Q$ such that axioms (3) and (4) are satisfied. □

Moreover, given M C Q such that reachable A satisfies both M-separation ax- 
ioms, it follows that A ~ (H^gM ^^(-^)) ■ If M' C Q is another family of 
cliques such that (V Z\ G M) (3 Z\' G M') A C Z\', then A satisfies M'-separation 
axioms as well. Hence, in the quest for a family that ensures separation axioms 
it is enough to consider M such that X C M, e.g., M = X or M = Q. 

4.2 Concrete Asynchronous Systems Revisited 

Let $\parallel$ be an independence relation on a set $A$. Assume that there is a construction
that assigns to the family $Q = Q(A, \parallel)$ of all cliques a subfamily $M \subseteq Q$ which
also covers $A$, i.e., $\bigcup M = A$.

Then, given an asynchronous system $\mathbb{A}$ with actions $A$ and independence $\parallel$,
we associate with it a family $\mathcal{F}_M(\mathbb{A}) = \{\kappa_\Delta(\mathbb{A}) \mid \Delta \in M\}$ of quotients.

The family of the corresponding quotient morphisms gives a cone in the 
category of asynchronous systems with rigid morphisms. Thus, from the general 
nonsense it follows that there exists a unique rigid ^ ^ H*" 3 ^m(-4). 

Note that the products in full subcategories of reachable asynchronous sys- 
tems are computed as reachable parts of the products in AS, resp., AS’’. Then, 
if v4 = IRe(A) is reachable we obtain : A — >■ 3^e(n^ 3 ^m(A)) by taking appro- 

priate corestriction on the state component. 

Here comes an elementary characterization of e^. 

Lemma 3. e“ : A 9 ^m(A)) is a rigid morphism = (cr, A) where 

(as) = ([s]zi)zigM and A = id^. 

Moreover, A reflects the independence whenever M satisfies (E|). 

Proof. Consider (cr. A) as defined. A can indeed be taken as the identity because 
of IJM = A. Given a transition p q in A, either a £ A, then [p]a — ^ 
or a ^ A, then [p]a = [q]A- This is precisely the definition of an a-transition in 
the product. 

Two independent actions cannot belong to the same clique, hence they are 
independent in the product too. The converse holds when M fully captures the 
independence relation, (0. □ 

Now, Theorem 1 can be reconstructed.

Proposition 9. Let A be a reachable asynchronous system. Then, the following 
are equivalent. 

1. A is concrete. 

2. There exists a family M C Q, A = IJM, such that : A — >■ Tm(A)) 

is a rigid isomorphism. 

3. There exists a family $M \subseteq Q$, $A = \bigcup M$, such that $\mathbb{A}$ fulfills both $M$-separation
axioms (3) and (4); and axiom (5) too.

Moreover, eac/i lRe(]([’^ Tm(A)) satisfies Wl-separation axioms. 

Proof. Suppose A ~ Ai) for some family of sequential systems. Define 

M = {Ai \ i £ I}. Clearly, M C Q and A = JM. To see that is an iso- 
morphism let us show that every projection from A onto Ak factorizes through 
the equivalence relation defined by clique A^. In the base case (si)ig/ is Ak~ 
equivalent to (s'fji^i due to the existence of an a-transition, with a ^ Ak, from 
the former vector to the latter. But then Sk = sj.. This equality is preserved 
in the inductive case. The above gives morphisms from k^,,(A) to Ak, and we 
easily check that, together, they give rise to an inverse to e“. 

The converse implication follows by definition. 

The state-state separation axiom is equivalent to being a 1-1 mapping. 
The image of A under consists of tuples ([s]/i)zigM, s £ S. The initial state 
in the product is of this shape. To see that all reachable states in the product 
belong to the image one has to check that given a transition ([s]zi)zi£M — ^ in
a product we can find a single state s' such that s' in A and s A s' for 
all A. In view of the state-state separation lemma, s is the only candidate for 
s AAf . Hence, in the context of state-state separation axiom is onto iff the 
state-action separation axiom holds. 

Finally, if M does not satisfy © it can be enlarged to a family of cliques that 
fully captures || without violating the M-separation axioms. 

The last statement of the theorem follows from the previous ones. □ 

An asynchronous system that does not fulfill state-state separation axiom has 
states p, q and s, transitions s p q and s — ^ q with a || b. Then 

the only cliques are singletons, and s and p are both {b}- and {a}-equivalent. 

Consider now an asynchronous system with transitions $s \xrightarrow{a} p$ and $s \xrightarrow{b} q$,
all states different, and with relation $a \parallel b$. Again, the only cliques are singletons,
and $p \overset{b}{\nrightarrow}$ while $s \xrightarrow{b}$ and $s$ is $\{b\}$-equivalent to $p$, i.e., $[p]_{\{b\}} \xrightarrow{b}$. The reader
will check that the product of the two quotients of the system has an extra state
allowing for a concurrent execution of $a$ and $b$.
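
The check left to the reader above can be carried out mechanically: build the Δ-equivalences, the sequential quotients and the reachable part of their mixed product, then compare the product's states with the image of the map sending a state to its tuple of classes. The Python code below is an added example, not code from the paper; the tuple encoding, the function names and the two sample systems are constructed for illustration, and the second closure rule of the Δ-equivalence is read with the same action on both transitions.

```python
from itertools import product

def delta_classes(states, trans, delta):
    """Map each state to its class under the least equivalence closed under:
    p -a-> q with a not in delta gives p ~ q, and
    p ~ r, p -a-> q, r -a-> s gives q ~ s (same action a on both steps)."""
    cls = {s: frozenset([s]) for s in states}

    def merge(x, y):
        if cls[x] == cls[y]:
            return False
        joined = cls[x] | cls[y]
        for z in joined:
            cls[z] = joined
        return True

    changed = True
    while changed:
        changed = False
        for p, a, q in trans:
            if a not in delta and merge(p, q):
                changed = True
            for r, b, s in trans:
                if a == b and cls[p] == cls[r] and merge(q, s):
                    changed = True
    return cls

def quotient(system, delta):
    """The sequential Delta-quotient as (states, initial, alphabet, transitions),
    returned together with the state-to-class map."""
    states, init, _alphabet, trans = system
    cls = delta_classes(states, trans, delta)
    moves = {(cls[p], a, cls[q]) for p, a, q in trans if a in delta}
    return (set(cls.values()), cls[init], set(delta), moves), cls

def reachable_product(components):
    """States of the reachable part of the mixed product of the components."""
    init = tuple(c[1] for c in components)
    alphabet = set().union(*(c[2] for c in components))
    seen, todo = {init}, [init]
    while todo:
        state = todo.pop()
        for a in alphabet:
            # A component with a in its alphabet must take an a-step;
            # every other component stays idle.
            options = [
                [q for p, b, q in c[3] if p == local and b == a]
                if a in c[2] else [local]
                for c, local in zip(components, state)
            ]
            for target in product(*options):
                if target not in seen:
                    seen.add(target)
                    todo.append(target)
    return seen

def embedding_report(system, family):
    """For the map s -> ([s]_Delta) over the family, return
    (injective, onto the reachable product, number of reachable product states)."""
    states = system[0]
    built = [quotient(system, delta) for delta in family]
    components = [comp for comp, _ in built]
    image = {s: tuple(cls[s] for _, cls in built) for s in states}
    reached = reachable_product(components)
    injective = len(set(image.values())) == len(states)
    onto = set(image.values()) == reached
    return injective, onto, len(reached)

# Constructed systems: (states, initial state, alphabet, transitions), with a || b.
FORK = ({"s", "p", "q"}, "s", {"a", "b"}, {("s", "a", "p"), ("s", "b", "q")})
DIAMOND = ({"s", "p", "q", "t"}, "s", {"a", "b"},
           {("s", "a", "p"), ("s", "b", "q"), ("p", "b", "t"), ("q", "a", "t")})
SINGLETONS = [{"a"}, {"b"}]  # the only cliques of dependent actions when a || b

if __name__ == "__main__":
    print("fork:   ", embedding_report(FORK, SINGLETONS))
    print("diamond:", embedding_report(DIAMOND, SINGLETONS))
```

For `FORK`, the system of the paragraph above, the map is injective but misses the fourth product state in which both `a` and `b` have occurred; closing the diamond makes the map a bijection.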

Consider a morphism f = {a, X) : A' — >■ A of asynchronous systems. 

For each Z\ G Q let A^(A) = {a' £ A' \ Xa' G Z\} be the strict inverse image 
of A via A. Above, by convention, Xa' G A holds only when Xa' is defined. 



Lemma 4. Let $f : \mathbb{A}' \to \mathbb{A}$ be a morphism of asynchronous systems. Given
A G Q put A' = X^{A). Then, A' G Q'. Moreover, p A' q implies up A uq. 
Hence, : K/^i{A') — t m(-4), where ua{[s]a') = [<7s]^ and X^a = Xa, is a 
morphism of (sequential) asynchronous systems. 

Proof. Let a,b € A' = A^(A), where A G Q. Then Aa jj" Xb. So, a ||' b is 
impossible since morphisms preserve independence. Thus, A' is a clique. 

The next claim follows by induction on the derivation of p A' q. Indeed, in 
the base case p A' q since p Ai^ q where a ^ A^(A). Now, if Aa defined, then 
surely Aa ^ A. Thus, since up AA^ uq, it follows that up A uq, as required. Same 
in case Xa undefined, since then up = uq. The inductive step is even easier. 

The last claim is immediate. □ 

The following proposition makes use of the lemma and allows to glue the 
morphisms described there. 



Proposition 10. Let $f : \mathbb{A}' \to \mathbb{A}$ in AS. Let $M'$ and $M$ be families of cliques
on A! and A respectively. Assume A G M implies A'^(A) G M' and assume M' 
fully eaptures the independence relation in A'. 

Then f^ : n’'3'M'(Al') -t n’'3'M(Al) defined by u^ {[sA']A')A'em' = 
([o’(sA^(zi))]zi)ziGM and X^ = X is a morphism of asynchronous systems and 
the following diagram commutes.

[Diagram: commuting square with $\mathbb{A}'$ and $\mathbb{A}$ on the left, joined by $f$, and the mixed products of their quotient families on the right.]

Proof. First we show that is a morphism of transition systems. 

Indeed, by Lemma 0 both its parts are well defined. 

Now, take a transition in ]^^Tm'(. 4'). Without loss of generality the it has 
the form {[pa']a')a' where for all A' G M' the states pA'^ 

qA’ are such that either pA> — ^ qA> in A' where a G A', or pA' — qA' and 
a ^ A' . Now, consider Z\ G M and let A' — A^(Z\). Assume \a is defined. Then 
o'iPA') ^ in A. If Xa G A, then [a(pA')]A ^ [cr{qA')]A in m(A), 

otherwise, [(j{pa')]a = [cr{qA’)]A- Therefore, {[o-{pa')]a)a ^ {W{qA')]A)A- If 
\a is undefined, then a{pA') = o’(qA') for all Z\', and hence, glues both states 
of the transition. Thus, / is a morphism of the underlying transition systems. 
The diagram in question commutes, by construction of f^. 

By Lemma 01 the independence in Tm'(A') is the same as in A' . Surely, A 
preserves it in A, and this is included in the independence of n*" 3 ^m(A). Hence, 
is a morphism of asynchronous systems too. □ 

Consider $F$, an arbitrary small commuting diagram in the category of all asynchronous
systems. It may contain no morphisms, several or even all morphisms
in AS. Then Proposition 10 provides means to generate, for each asynchronous
system that appears as an object in diagram F, a family of cliques in a way 
which turns F into a commuting diagram: F'^ = {/^ | / G F}. 

Proposition 11. For each object $\mathbb{A}$ in $F$ let $M = M(\mathbb{A})$ be a family of cliques on
A that fully captures the independence. Then, there exists minimal extensions Mp 
of each M, such that F^ = |/^ : — >■ | / : A — )> A' G F } 

becomes a commuting diagram in AS. 

If, moreover, A is M.-separated, then it satisfies M.^- separation axioms. 

Proof. It is easy to verify that the assignment / i— >■ f^ preserves identities. 
Moreover, it preserves the composition of morphisms whenever each of them 
satisfies the assumption of Proposition 10. Thus, the only problem is to fulfill
the assumption by suitably extending each M. 

Mf’s are constructed in stages. First, for each A in F take Mq = M. Then, 
given M„ put = M„ U {A^(Z\') | / : A — ?> A' G F, Z\' G }. Finally, put 

= Un>0 

By construction. A' G Mp implies A^(A') G Mp for each / : A — >■ A' in F. 

^ To avoid foundational issues we could consider, for instance, only transition systems 
in which all states and actions are subsets of a fixed set of large cardinality. 

Finally, from $M \subseteq M_F$ it follows that if $\mathbb{A}$ is $M$-separated then it satisfies
$M_F$-separation axioms. □

Proposition 11 can be applied, for example, to two universal choices of a
family of cliques $M$ for each $\mathbb{A}$ in $F$: $M = Q$ and $M = X$. The first case is
trivial in the sense that $Q_F = Q$ whatever $F$ is. In the second case the outcome
depends on $F$. If, for instance, we take $F = \mathbf{AS}$, then $X_F = Q$. But for finite $F$
the resulting family $X_F$ is usually smaller.

In both cases, i.e., for M = X or M = Q, the following is immediate. 

Corollary 1. If $F$ is a diagram in the full subcategory of concrete asynchronous
systems then Ike(F^) is rigid isomorphic to F. □ 

4.3 Comparison with Elementary Transition Systems 

The theory of concrete asynchronous systems subsumes, in the sense discussed
below, the theory of elementary transition systems initiated by Ehrenfeucht and
Rozenberg, see e.g. HIED]- The results presented below extend from elementary
transition systems to semi-elementary transition systems of m and to
asynchronous systems that are obtained as the case graphs of (unlabelled) safe
nets, see m- At the same time, as we shall see, there are simple examples of
concrete asynchronous systems which fall beyond these classes.

A region R in a transition system 𝕊 = (S, s, A, T) is a set of states, R ⊆ S,
such that given a transition p —a→ q, the value of χ(p) − χ(q), where χ stands for
the characteristic function of R, does not depend on p and q, but is a function
of a only. We write R*a if p —a→ q implies χ(p) − χ(q) = 1, and a*R if p —a→ q
implies χ(p) − χ(q) = −1.

A deterministic and reachable transition system 𝕊 is elementary if the following
conditions are satisfied.

— no loops: p —a→ q implies p ≠ q,

— no parallel arrows: p —a→ q and p —b→ q imply a = b,

— no junk: every action can be enabled in some state, p —a→

and, additionally, regional separability axioms of Ehrenfeucht and Rozenberg:

— state-state separation: p ≠ q implies p ∈ R and q ∉ R, for some region R;

— state-action separation: p —a↛ implies p ∉ R and R*a for some region R.

Given a transition system (S, s, A, T) define a relation || ⊆ A × A as follows.
® II ^ iff — P — ^ -lb), q A4 for some p, 9. (6) 

In the sequel || defined by (6) is called the canonical independence induced by 𝕊.
The following result justifies this terminology. 

Lemma 5. An elementary transition system 𝕊 together with its canonical
independence relation makes an asynchronous system.
Proof. To see that || is irreflexive suppose to the contrary p q for some
a, p, q. Then p ≠ q and, further, p ∈ R and q ∉ R, for some region R. Then we
have both R*a and q, a source of an a-arrow, is not in R, a contradiction.

Symmetry of || follows from the swap property. Indeed, suppose p —b→ q —a→ r
and b || a. First we show that p —a→. Indeed, otherwise there would be a region R
such that p ∉ R and R*a. Then q ∈ R, hence b*R. But there exists a state being
a source of both a- and b-arrows. Conditions R*a and b*R cannot be fulfilled
simultaneously, hence p —a→ q' for some q'. In a similar manner one can see that
there exists r' such that q' —b→ r'. Now, given any region R and its characteristic
function χ,

χ(p) − χ(q) = χ(q') − χ(r')    (b-arrows)

χ(p) − χ(q') = χ(q) − χ(r)    (a-arrows)

and hence χ(r) = χ(r'). By the state-state separation condition, r = r', which
finishes the proof. □

In fact, only a minor modification of a proof of the above is required to 
show that also semi-elementary transition systems coincide with a subclass of 
asynchronous systems. The following provides some insight into the relationship 
between regions in an elementary transition system and quotients of its canonical 
asynchronous system. 

Lemma 6. Let R be a region in an elementary transition system 𝕊. Define a
set of actions Δ = Δ_R = {a ∈ A | a*R ∨ R*a}. Then Δ is a clique of dependent
actions. Moreover, p Δ q implies p ∈ R ⇔ q ∈ R.

Proof. Let a ∈ Δ and let a || b. Then in the transition system there exist
fragments like ®. Whichever of a*R or R*a is true, precisely one of the sources
of b-arrows belongs to R. Hence, neither b*R nor R*b holds, consequently, b ∉ Δ.

Now, let p Δ q and let χ denote the characteristic function of R. The proof
of χ(p) = χ(q) goes by induction on the derivation of p Δ q. The base case is
p —a→ q for some a ∉ Δ. By definition of Δ, neither a*R nor R*a holds, hence the
claim. For the other case, let r —a→ p and s —a→ q be two a-arrows with r Δ s.
We have χ(p) − χ(r) = χ(q) − χ(s) and χ(r) = χ(s) by inductive hypotheses.
Hence χ(p) = χ(q), as required. □

Now, the following is immediate. 

Proposition 12. The canonical asynchronous system induced by an elementary 
transition system is concrete. 

Proof. Let us verify that with M = {Δ_R | R a region} the canonical
asynchronous system satisfies Morin’s M-separation axioms o and (^.

Suppose p ≠ q. Then there exists a region which separates p and q. A clique
Δ induced by this region as in Lemma 6 also separates the states.

Now, let p —a↛. Take a region R with p ∉ R and R*a. Then, the clique Δ
induced by R contains a and separates p and a. Indeed, consider q, with q Δ p.
Then, by Lemma 6, q ∉ R. Hence, [p]_Δ —a↛. □
The converse to Proposition H3 is not true. For instance, each sequential
system A, i.e., each asynchronous system with ||_A = ∅, does satisfy Morin’s
conditions. This is because the entire alphabet of A is a clique of dependent
actions, and it generates the trivial equivalence. Hence, for instance, a sequential
system that performs an action a twice in a row and then stops is concrete.
Clearly, it is not elementary. In fact, it is neither semi-elementary nor does it
satisfy the separation axiom 3 in m- Thus, the realization procedure described
in this paper extends functorial realizability to cases not covered before. In fact,
as will become apparent in the next section, it covers cases which cannot be
realized by any unlabelled general Petri net.
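
As an added illustration (Python, not part of the original paper), the following brute-force check enumerates all regions of a small finite transition system and tests the elementarity conditions listed above. The two sample systems are constructed here: the sequential system that performs a twice and stops, mentioned in the preceding paragraph, and a four-state diamond; all state and function names are this example's own.

```python
from itertools import combinations


def regions(states, trans):
    """Return every region R together with its gradient chi(p) - chi(q) per action."""
    found = []
    ordered = sorted(states)
    for k in range(len(ordered) + 1):
        for subset in combinations(ordered, k):
            R = frozenset(subset)
            grad = {}
            # R is a region iff chi(p) - chi(q) depends on the label only.
            if all(grad.setdefault(a, (p in R) - (q in R)) == (p in R) - (q in R)
                   for p, a, q in trans):
                found.append((R, grad))
    return found


def failed_axioms(states, init, actions, trans):
    """Names of the elementarity conditions that the transition system violates."""
    failed = set()
    succ = {}
    for p, a, q in trans:
        if succ.setdefault((p, a), q) != q:
            failed.add("deterministic")
    reach, todo = {init}, [init]
    while todo:
        p = todo.pop()
        for s, _, t in trans:
            if s == p and t not in reach:
                reach.add(t)
                todo.append(t)
    if reach != set(states):
        failed.add("reachable")
    if any(p == q for p, _, q in trans):
        failed.add("no loops")
    ends = {}
    for p, a, q in trans:
        if ends.setdefault((p, q), a) != a:
            failed.add("no parallel arrows")
    if any(all(a != b for _, b, _ in trans) for a in actions):
        failed.add("no junk")
    regs = regions(states, trans)
    # State-state separation: p != q implies p in R and q not in R for some region R.
    for p in states:
        for q in states:
            if p != q and not any(p in R and q not in R for R, _ in regs):
                failed.add("state-state separation")
    # State-action separation: a not enabled at p implies p not in R and R*a.
    for p in states:
        for a in actions:
            if (p, a) not in succ and not any(
                    p not in R and grad.get(a) == 1 for R, grad in regs):
                failed.add("state-action separation")
    return sorted(failed)


# Constructed sample 1: the sequential system that performs a twice and stops.
AA = dict(states={0, 1, 2}, init=0, actions={"a"},
          trans=[(0, "a", 1), (1, "a", 2)])
# Constructed sample 2: a diamond of two actions a and b.
DIAMOND = dict(states={0, 1, 2, 3}, init=0, actions={"a", "b"},
               trans=[(0, "a", 1), (0, "b", 2), (1, "b", 3), (2, "a", 3)])

if __name__ == "__main__":
    for name, ts in (("a.a", AA), ("diamond", DIAMOND)):
        print(name, len(regions(ts["states"], ts["trans"])), failed_axioms(**ts))
```

The a-twice system has only the two trivial regions, so both regional separation axioms fail, while the diamond has six regions and passes every condition.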

But first, let us notice that the arguments presented above can be easily
adapted to safe nets and their case graphs. Indeed, each net N induces structural
independence ||_N on events defined by: e_1 ||_N e_2 iff (*e_1 ∪ e_1*) ∩ (*e_2 ∪ e_2*) = ∅.
Then, A_N = (Cg(N), ||_N) is an asynchronous system when N is a safe net, see [2].

Proposition 13. Asynchronous system A_N induced by a safe net N is concrete.

Proof. Each place b of N induces a clique Δ_b = {e ∈ E | b*e ∨ e*b} of
structurally dependent actions. Moreover, one easily obtains an analogue of Lemma 6:
M Δ_b M' implies b ∈ M ⇔ b ∈ M'. With it, the proof goes as in Prop. ^3 □



4.4 Labelled Safe Petri Nets and Their Products 

The importance of categorical products as a fundamental tool to explain synchro- 
nization is well-known, cf. ISHEO]. Here, we investigate the Petri net counterpart 
of the mixed product (HM) in the context of nets with rigid morphisms.

A rigid morphism of two labelled Petri nets (N, A, ℓ) and with
A' ⊆ A is a general morphism (β, η, λ) of nets in which λ is the transpose partial
function induced by the inclusion A' ⊆ A. Equivalently, we can keep λ implicit,
and consider a morphism (β, η) of the underlying Petri nets which preserves the
labelling in the following sense: for all e ∈ E, either ηe is defined, ℓe ∈ A' and
ℓ'(ηe) = ℓe or ηe is undefined and ℓe ∉ A'. Clearly, labelled safe Petri nets with
rigid morphisms also form a category, denoted fPN'^. Note that the case graph
functor maps rigid morphisms of nets to rigid morphisms of transition systems.

The category of labelled (safe) Petri nets with rigid morphisms admits finite 
products, called mixed or rigid in the sequel. Essentially, it is the old Winskel 
construction, cf. except that the synchronization of events is already in- 
corporated into the product (due to the choice of rigid morphisms). Also, the 
presence of labelling requires some refinements of the construction. 

Theorem 2. Let (L_i)_{i∈I} be a finite family of labelled Petri nets. Their mixed
product ∏_{i∈I} L_i = (B, E, F, M, A, ℓ) is given by:

— B = ⨄_{i∈I} B_i, the disjoint union of places,

— A = ⋃_{i∈I} A_i,

— E ⊆ ∏_{i∈I} (E_i ∪ {⊥}) is defined as follows.

e ∈ E iff (∃ a ∈ A) (∀ i ∈ I) (e_i ≠ ⊥ ∧ ℓ_i e_i = a) ∨ (e_i = ⊥ ∧ a ∉ A_i)

Here ⊥ is a dummy event occurring in none of E_i,

— F(b, e) = F_i(b, e_i) and F(e, b) = F_i(e_i, b), whenever b ∈ B_i. Here, by
convention F_i(b, ⊥) = 0 and F_i(⊥, b) = 0, for all i ∈ I.

— M =

— ℓ : E → A is determined uniquely due to the definitions of A and E.

The place part of the i-th projection is the relation transposed to the inclusion
B_i ⊆ B. Its event part is a partial function which maps (e_i)_{i∈I} to e_i when
e_i ≠ ⊥, and is otherwise undefined. □

Proof. It is immediate that projections fulfill the conditions of Definition^ and 
that they preserve labels. Moreover, they are Winskel morphisms. 

Suppose a family of Petri net rigid morphisms (β_i, η_i) : L → L_i, i ∈ I is
given. In particular, (∀ i) A_i ⊆ A. Define (β, η) : L → ∏_{i∈I} L_i as β = Σ_{i∈I} β_i and
ηe = (η_i e)_{i∈I}, where the i-th component equals ⊥ whenever η_i e is not defined.
The requirement that morphisms preserve labelling ensures ηe is properly defined
and the resulting morphism preserves labelling too. The definition of β ensures
condition (E| of Definition Q] is fulfilled. Now β(*e) = Σ_{i∈I} β_i(*e) while *(ηe) =
Σ_{i∈I} *(η_i e) and similarly for (ηe)*. Here summands are assumed to be zero if η_i e
is undefined. Hence conditions © and ( 0 ) of Definition Q] are fulfilled too.

It is clear from the construction that (β, η) composed with the i-th projection
equals (β_i, η_i) and that it is the only (rigid) morphism with this property. □

Rigid projections are Winskel morphisms. It can be shown that if a cone 
consists of Winskel morphisms only, then so is the mediating morphism. Thus, 
the construction specializes to the subcategory with rigid Winskel morphisms.

In the rigid product two nets synchronize on shared labels. It may be instruc- 
tive to consider an example of a rigid product and a canonical morphism. 

Net in Fig. 0 is a rigid product of three state machines — the one with 
language (e(e^*, another with {e'fe'D* and yet another with e\ -\- e'f. Here, a 
synchronization does take place. There are morphisms from N+ to N)!, which 
yield projections on the level of case graphs, their product is a morphism from 
N+ to N(|_ yielding identity on case graphs. As we have already mentioned, there 
is no morphism in the opposite direction. 
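
The mixed product construction of Theorem 2, as an added Python sketch that is not part of the original paper. The two state machines, their place and event names, and the helper functions are constructed for this example; nets are assumed safe, so markings and flow are represented as sets, and the structural independence check is the one defined for safe nets earlier in this section.

```python
from itertools import product

BOT = None  # plays the role of the dummy event ⊥


def mixed_product(nets):
    """Mixed product of labelled safe nets, following the construction of Theorem 2.

    Each net is a dict with 'places', 'alphabet', 'label' (event -> label),
    'pre' and 'post' (event -> set of places) and 'marking' (set of places).
    """
    alphabet = set().union(*(n["alphabet"] for n in nets))
    label, pre, post = {}, {}, {}
    for a in sorted(alphabet):
        # Component i offers its a-labelled events if a is in A_i, otherwise only ⊥.
        choices = [(sorted(e for e, l in n["label"].items() if l == a)
                    if a in n["alphabet"] else [BOT]) for n in nets]
        for e in product(*choices):
            label[e] = a
            # Places are tagged with the component index: disjoint union of places.
            pre[e] = {(i, b) for i, ei in enumerate(e) if ei is not BOT
                      for b in nets[i]["pre"][ei]}
            post[e] = {(i, b) for i, ei in enumerate(e) if ei is not BOT
                       for b in nets[i]["post"][ei]}
    return {
        "places": {(i, b) for i, n in enumerate(nets) for b in n["places"]},
        "alphabet": alphabet, "label": label, "pre": pre, "post": post,
        "marking": {(i, b) for i, n in enumerate(nets) for b in n["marking"]},
    }


def enabled(net, marking, e):
    """An event is enabled when every one of its preconditions is marked."""
    return net["pre"][e] <= marking


def fire(net, marking, e):
    """Return the marking reached by firing e; reject events that are not enabled."""
    if not enabled(net, marking, e):
        raise ValueError(f"{e} is not enabled")
    return (marking - net["pre"][e]) | net["post"][e]


def independent(net, e1, e2):
    """Structural independence: the neighbourhoods of e1 and e2 are disjoint."""
    n1 = net["pre"][e1] | net["post"][e1]
    n2 = net["pre"][e2] | net["post"][e2]
    return not (n1 & n2)


# Constructed sample: two state machines that share only the label c.
L1 = {"places": {"p0", "p1"}, "alphabet": {"a", "c"}, "marking": {"p0"},
      "label": {"a1": "a", "c1": "c"},
      "pre": {"a1": {"p0"}, "c1": {"p1"}}, "post": {"a1": {"p1"}, "c1": {"p0"}}}
L2 = {"places": {"q0", "q1"}, "alphabet": {"b", "c"}, "marking": {"q0"},
      "label": {"b2": "b", "c2": "c"},
      "pre": {"b2": {"q0"}, "c2": {"q1"}}, "post": {"b2": {"q1"}, "c2": {"q0"}}}
PROD = mixed_product([L1, L2])
A, B, C = ("a1", BOT), (BOT, "b2"), ("c1", "c2")

if __name__ == "__main__":
    m = PROD["marking"]
    print("events:", sorted(PROD["label"].items(), key=str))
    print("c enabled initially:", enabled(PROD, m, C))
    m = fire(PROD, fire(PROD, m, A), B)
    print("c enabled after a and b:", enabled(PROD, m, C))
    print("a, b independent:", independent(PROD, A, B))
```

The private actions a and b become structurally independent events of the product, while the shared label c yields a single synchronized event that needs both components to be ready.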

The case graph functor preserves mixed products. 

Proposition 14. The case graph of the mixed product of labelled Petri nets is 
(rigid isomorphic to) the mixed product of their case graphs. 

Proof. Let L_i, i ∈ I, be a finite family of Petri nets, and let L =
mapping (Mi)i^j i— >■ Si^jMi is a bijection between Yliei h-Ei and y\+)i^j Bi). 
Hence, {Mi)i(=i is mapped into M. 

Let {Mi)i^i -ly {M[)i^i in the product of case graphs. It means that if 
a G Ai then Mi \ci) M[ for some e^, iiCi = a, otherwise Mi = M[. If the former 
is the case, M' = Mi — 'a + e* Hence Si^iMi [e) where e = (ei)ig/,

^e = a. Thus, the bijection is actually an isomorphism in TS. □ 

While the mixed product of labelled Petri nets is a product in the subcategory
with rigid morphisms, it is also true that a cone of “consistent” non-rigid
morphisms gives rise to a not necessarily rigid morphism to the mixed product.

Proposition 15. Consider a family of net morphisms (β_i, η_i, λ_i) : L → L_i, for
i ∈ I. Assume all λ_i composed with inclusions ι_i : A_i ⊆ ⋃_{i∈I} A_i agree, i.e., that
there exists a function λ : A → ⋃_{i∈I} A_i such that λ_i = λ; ι_i. Then there exists
(a unique) morphism (β, η, λ) : L → ∏_{i∈I} L_i of labelled Petri nets such that its
compositions with rigid projections to L_i give back the original morphisms.

Proof. Define λ : A → ⋃_{i∈I} A_i as the common relabelling. The construction of
(β, η) given in the proof of Theorem 2 is applicable here too, the assumption of
the common relabelling makes the definition of η correct. Together with λ they
form the desired morphism. □

4.5 Towards a Functorial Realization of Concrete Asynchronous
Systems by Means of Labelled Safe Petri Nets 

The notion of realization of a concurrent behavior of a reactive system has been 
introduced in Sect. 13.01 and formalized as a relation between reachable asyn- 
chronous systems and labelled marked Petri nets. Now, we are ready to show 
that this realization relation commutes with rigid products. 

Theorem 3. Let (A_i)_{i∈I} be a finite family of asynchronous systems and let
be a family of their realizations. Then the mixed product of nets,
realizes the mixed product of asynchronous systems, ∏_{i∈I} A_i.

Proof. Let OiG/ ™^6d product of labelled nets and 

let mG/A = (n.G/§ i, ID be a product of asynchronous systems. 

n We have already established, see Proposition that Q/dliG/'^*) rigid 
isomorphic to the product of Cg{Li), hence also to OIg/ 

H Let M be reachable, M \e+e'), where e = (ei)i£/, e' = (e')ig/ and let £e, ie' G 
Ai for some i G I. Then M C\ Bi G Mi and M (1 Bi [ci-l-e') in Ni, hence 
ie = iiCi ID iic'i = £e'. The choice oi i G I does not matter. 

0 Finally, let b G (*e U e*) fl (*e' U e'*). There is only one i G I such that b G Bi, 
for this i both Ci T and e' T and b G (*ei U e*) fl (*e' U e'*). Then 
^iCi Ifi (ic'i, hence £e jj" £e'. □ 

The reader should note that the above result does not presuppose safety of 
realizations. This, in principle, allows one to use arbitrary labelled Petri nets. If,
however, all nets are safe, then so is their mixed product. 

Consider a reachable concrete asynchronous system A, and let M ⊆ Q(A, ||)
be any family of cliques such that M-separation axioms hold for A, and M fully
captures ||. A realization of A by means of a labelled Petri net is obtained by
applying the following parametric procedure.
Factorize A into the family Tm(^) = {m(^) | C M} of sequential systems.
Realize each quotient ka{A) in 5 'm(- 4) as a net £ja- 

Compute 

The first step has been done by Morin, cf. m and Sect. lO 

The last step produces a realization of the mixed product of sequential sys- 
tems, by Theorem 0 

Thus, to fully explain how the procedure works it is enough to present a 
realization of sequential systems. We have already seen an easy and functorial 
way to realize sequential systems as labelled state machines, see Prop. 0 

Suppose that ℛ is any such realization functor from the category of sequential
systems to the category of labelled Petri nets. Is it now possible to extend ℛ as
described above so that this realization becomes a functor? More precisely, given
a diagram F in AS in which all objects are concrete, one would like to find a
realization of all the objects and all the morphisms which preserves commuting
diagrams. Indeed, this can be done thanks to Prop. rTTHTm

Theorem 4. Let F be a commuting diagram in the full subcategory of concrete
asynchronous systems. Then there exists a diagram ℛ(F) (of the same shape) in
the category of labelled Petri nets whose objects realize the respective objects of
F and whose morphisms realize the morphisms of F.

Proof. For each object A in F let M_F be a family of cliques of A built as in
Prop. m and such that it ensures separation axioms and fully captures
independence in A. Consider a family of quotients Tmf(-4) = {k_Δ(A) | Δ ∈ M_F}.
Realize every member of this family using a realization functor ℛ. Define a
labelled net ℛ(A) as {ℛ(k_Δ(A)) | Δ ∈ M_F}. In this way all objects of F are
realized as labelled Petri nets.

Now, let f : A' → A ∈ F be a morphism of asynchronous systems. The
families of cliques and M_F of A' and A, respectively, fulfill the requirements
of Prop. E3 Hence, a family of morphisms fA ■ i^x^{A){f^') i^a{A), Δ ∈ M_F

as defined in Lemma 0 is consistent. Applying to f_Δ’s the realization functor we
arrive at a family of Petri net morphisms ℛ(f_Δ) ■ ℛ(k\^ (^a){-A.')) ℛ(k_Δ(A)),
Δ ∈ M_F. Composed with projections from ℛ(A') they make a cone of consistent
morphisms in the category of Petri nets. We can now apply Prop. E| to obtain
a morphism ℛ(f) : ℛ(A') → ℛ(A) which realizes f. □



Corollary 2. There is a realization functor from the category of concrete asyn- 
chronous systems to the category of labelled Petri nets. 

Proof. Consider Q as the universal family of cliques and apply the construction 
to the functor Sm. □ 

Figs. 5-7 demonstrate an example of two simple transition systems, their
mixed product, and their realization by means of labelled safe Petri nets.
Actually, the example is so simple that the labelling is not really required. Note that
realizations may introduce indistinguishable places, viz.: postconditions of a.
Fig. 5. Two simple transition systems

Fig. 6. The product of these transition systems

Fig. 7. Two state machines and their product realizing the transition systems



5 Examples, Conclusions and Further Work 

Let us assume that a reactive system is given in the form of a transition system
𝕊 = (S, s, A, T). We have shown how to find a concurrent realization of a reactive
system when its behavior is represented as a concrete asynchronous system
(𝕊, ||). The difficult question, though, is how to define a suitable ||.

Intuitively, the larger the independence relation, the more concurrent the
realization one should obtain. One could formally define a partial order on
asynchronous systems over the same underlying transition system by saying that
(𝕊, ||_1) is more concurrent than (𝕊, ||_2) whenever ||_1 ⊇ ||_2.

Now, if 𝕊 is elementary one can, by Prop. cni derive from its structure the
canonical independence relation which yields a concrete asynchronous system.
So, one can ask whether what we obtain in this way is the most concurrent
behavior of 𝕊. The answer is negative.

Indeed, consider transition system 𝕊_abc given by: s —a→ p —b→ q —c→ r. This
is an elementary transition system, and its canonical independence relation is
empty. This is a way of saying that the system does not exhibit any concurrent
activity. However, nothing prevents us from declaring a and c as independent. In
fact, (𝕊_abc, ||) with a || c and a ∦ b ∦ c becomes a concrete asynchronous system!
The corresponding two realizations of both systems are depicted on Figs. 8 and 9.






Fig. 8. Sequential realization of 𝕊_abc



Fig. 9. “Concurrent” realization of 𝕊_abc



Interestingly, both nets are realizations of both concrete asynchronous systems 
which shows that the notion of realization is quite liberal. Other issues are also 
demonstrated by this simple example. 

Firstly, the realization procedure that we have described strives to implement 
actions declared as independent by means of structurally separated transitions. 
Secondly, the choice of decomposition of a behavior into a product of
sequential components affects the size of the realization of the system. One of the
parameters of the construction of realization presented in Sect. 0 was the choice
of the family of cliques of the dependence relation. Thus, the net on Fig. 8 is
determined by choosing X = {{a, b, c}}, while the net on Fig. 9 is determined by
choosing M = {{a, b}, {b, c}}. In this case we could also choose Q which contains
all subsets of {a, b, c}, and obtain a huge net, with many copies of
indistinguishable places. This seems to indicate that when the independence is fixed, the most
compact realizations would be obtained with X.

Finally, on a related note, one should not declare two actions as independent 
unless they form a diamond somewhere. 

This brings us back to the general question when 𝕊 is not elementary, and
yet one would like to find its non-trivial concurrent realization. One could look
at this problem of finding a maximally concurrent realization of 𝕊 as a kind of
‘code optimization problem’. In fact, there is a way to turn a transition system
𝕊 into a maximally concurrent asynchronous system A = (𝕊, |||) where ||| is the
largest symmetric and irreflexive relation that satisfies the following.

a ||| b iff p —a→ q —b→ r implies (∃ s) p —b→ s —a→ r (7)

Sadly, the above construction is not ‘functorial’ in the sense that a morphism
f : 𝕊 → 𝕊' in general does not map |||-independent actions to |||'-independent
actions. More seriously, (𝕊, |||) obtained in this way is not concrete in general.
The problems are demonstrated in the next section with a well-known example.



5.1 Mandala 

Suppose there are agents interested in using a resource. Simultaneous usage of 
the resource leads to its corruption. It is therefore imperative that some kind 
of scheduler is devised to control the access to the resource. The behavior of 
an individual agent A from the scheduler perspective could be defined as a 
simple CCS-like process. In the simple case described on Fig. [nil each agent
would behave like A ⇐ r.u.A where r and u stand for request and use phases,
respectively. The more elaborate case of Fig. mi arises when each phase of using
the resource is split into two: phase e of entering the critical section, and phase ℓ of
leaving the critical section and thereby releasing the resource.

In the simplest case, in which only two agents are considered, solutions take
the form of mandala, see Fig. Enmu The solutions are based on the assumption
that the scheduler should accept the requests at any time, but the permission
should be granted on the first-come-first-served basis. The reactive system on
Fig. inj is isomorphic to the flow-graph for mutual exclusion derived by Emerson
and Clarke from a branching time temporal specification, see nSl Fig. 11].

A quick analysis of transition system 𝕊_2 reveals that it is not elementary. First
of all, states s and t reached from the initial state after performing r_1 r_2 and r_2 r_1

^ This is questionable as it prohibits asynchronous reaction to request signals. 
are different, so state-state separation fails. Moreover, the transitions enabled
in these two states are different, so state-event separation fails as well. Hence,
the system cannot be realized using the regional construction of
Ehrenfeucht-Rozenberg. In fact, there is no (unlabelled) net with 𝕊_2 as its case graph. The
proof is simple: whenever M [e_2⟩ M' [e_1⟩ M_1 and M [e_1⟩ M'' [e_2⟩ M_2 hold in a
Petri net, then M_1 = M_2 follows.

The above arguments work also for the Emerson-Clarke scheduler 𝕊_3.

The only interesting concrete asynchronous system with 𝕊_2 as its underlying
transition system is the sequential one. To see this assume to the contrary that,
say, r_1 || u_2. Then, s and u_2 could not be separated, whereas s —u_2↛. Indeed,
consider any Δ ⊆ {r_1, u_1, u_2, r_2} with u_2 ∈ Δ where Δ is a clique of the dependence
relation. Then r_1 ∉ Δ, by assumption, so by the construction of the quotient
relation induced by Δ it follows that s Δ t. Thus, [s]_Δ —u_2→.

A symmetric argument shows that also the other diamond in 𝕊_2 cannot be
filled with concurrency, i.e., we cannot assume r_2 || u_1. Similarly, one can show
that r_2 ∦ e_1 and r_1 ∦ e_2 in any concrete asynchronous system built on 𝕊_3.



5.2 Realization of the Emerson-Clarke Scheduler 

With mandala not much can be done within our framework. That is, the only
implementation of mandala is the sequential one. In case of the Emerson-Clarke
scheduler, see Fig. [HI the situation is better. Namely, there exists a maximal
concrete independence relation: r_1 || ℓ_2 and r_2 || ℓ_1. The relation admits four
maximal cliques.

The factorization of the resulting concrete asynchronous system into
sequential systems is depicted on Fig. 12. The last of the four sequential systems is
the notorious mandala. Taking the labelled state machine associated with each
factor and computing their product in the category of labelled nets would give
a safe net with 14 places and 14 transitions.
Fig. 12. The decomposition of the scheduler with r_2 ∦ e_1 and r_1 ∦ e_2



5.3 Zig-zag Morphism and Systematic Refinement 
of Concrete Asynchronous Systems 

We do not know if there exists the biggest concurrent concrete asynchronous
system over a given transition system. Nevertheless, assume that each
transition system 𝕊 in a diagram F is equipped with a concurrency relation || such
that (𝕊, ||) is a concrete asynchronous system. Then, we could iteratively keep
restricting the independence relations until all f in F become morphisms of
asynchronous systems. The resulting diagram in the full subcategory of concrete
asynchronous systems can be then realized as a diagram of labelled safe Petri
nets as described in Sect. 0 Thus, the problem would be to find a maximally
concurrent independence such that (𝕊, ||) is concrete.

Each concrete (𝕊, ||) satisfies || ⊆ ||| where ||| is the maximal independence
admissible for 𝕊. Moreover, whenever ||_1 ⊆ ||_2 then the identity morphism on 𝕊
becomes a morphism ι : (𝕊, ||_1) → (𝕊, ||_2) in AS. This suggests that in
search for a maximal concrete independence one could start with ||| and
subsequently restrict the independence until one arrives at a concrete system. This
process will surely terminate since each sequential system is concrete.

The above idea can be generalized by replacing ι : (𝕊, ||_1) → (𝕊, ||_2) by a more
general f : (𝕊_1, ||_1) → (𝕊_2, ||_2) and continuing to work with 𝕊_1. To maintain the
same behavior any such morphism should satisfy certain requirements. For
instance, modulo λ, it should satisfy the same properties as 𝕊_2.

Assume that λ is total. We can view 𝕊_1 as a transition system 𝕊 over A_2
defined by S = S_1, A = A_2 and p —a→ q in 𝕊 iff λb = a and p —b→ q in 𝕊_1. In
the light of Proposition [Q if the morphism (σ, id_{A_2}) : 𝕊 → 𝕊_2 is a zig-zag, then
𝕊 and 𝕊_2 satisfy the same properties. Hence, if 𝕊_1 is realized as a labelled net,
then extending the labelling of the net with λ renders a realization of 𝕊_2.

Let us turn the above requirement into a definition.

Definition 5. A proto-zig-zag is a morphism f : 𝕊 → 𝕊' such that λ is total,
and if σs —b→ q in 𝕊' then there is a transition s —a→ p in 𝕊 such that λa = b and
σp = q. A proto-zig-zag between asynchronous systems is their morphism which
is a proto-zig-zag of the underlying transition systems.

Let A and A' be asynchronous systems. Then A implements A' via f, and f
is an implementation of A', whenever f : A → A' is a proto-zig-zag morphism.
Proto-zig-zags are closed under composition, and contain identity morphisms.
When the target of a proto-zig-zag is reachable then its components are
surjective functions. If A = (𝕊, ||), then the pair of identities forms a proto-zig-zag
from (𝕊, ∅) to A. Thus, the sequential system (𝕊, ∅) is an implementation of A.

Let f':A'—^A and f" : A!' — ^ be two implementations. Then /' is better 
than /", notation /" A /' when there exists / : A" — >■ A' such that /" = /; /'. 
Surely, any such / is necessarily a proto-zig-zag, too. 

The idea, now, would be to iterate refinement steps, by analogy to what was
proposed in and implemented in |H|, so that with each refinement the new,
transformed specification is more concrete. Each implementation preserves the
behavior of the target in the source modulo the λ-part of the implementation, see
Proposition n Thus, the realization obtained at the end, with labelling composed
with all λ parts of the implementations obtained along the way, is a realization
of the original system.

Assume that one insists that the states are shared by the implementing and
the implemented asynchronous systems. Then, there are basically two orthogonal
ways in which an asynchronous system A' can implement A via f : A' → A.

— action splitting: f glues some actions of A' into a single action of A,
independence in A is reflected in A';

— concurrency reduction: f does not glue any actions, but the independence
relation in A' is smaller than the one in A.

Then, the less splitting of actions and the smaller the loss of independence, the
better, i.e., more concurrent, the implementation.

Clearly, the implementation by means of the induced sequential system is 
of the second type. All other implementations can be seen as compositions of a 
split implementation followed by a concurrency reducing implementation. 

5.4 Further Research 

The framework proposed here subsumes those synthesis procedures which tar- 
geted subclasses of safe nets, cf. It remains to be checked if Morin’s 

separation axioms also imply those of PD]. 

More important, though, would be to relate our framework to other frame-
works, especially those underlying tools used in practice. 

It remains an interesting challenge whether one can push further the frontiers of
uniform realizations. One possibility would be to target non-safe labelled nets
and use more liberal abstract models of concurrent behaviors, like in [m 2 S|.
Indeed, by implementations involving splitting of some actions one can obtain
from the Emerson-Clarke scheduler a concrete asynchronous system that fulfills
separation axioms of Droste-Shortt. In fact, there are several maximal, and hence
incomparable ways to achieve this goal. For instance one can choose one of the
lower diamonds, say [r_2, e_1], and one of the upper ones, say [r_1, ℓ_2], and then
introduce two actions for each of r_2, e_1, r_1 and ℓ_2, and adjust the independence
relation accordingly. The corresponding implementation morphism is an identity
on states, glues actions that got split, and preserves the independence relation.
Another option is to accept a more liberal notion of concurrent realization. This
can be done by removing condition Def. 00. Intuitively, there is no sense in
prohibiting concurrent execution in the realization even when it is not present in
the specification. Indeed, more compact realizations can be obtained this way.

And there is yet another option. Our notion of implementation has been 
based on strict morphisms, i.e., morphisms with total action relabelling part. In 
this way the implementation corresponds to the notion of strong bisimulation. 
We have grounds to believe that by allowing partial relabeling, and thereby 
silent actions in the implementing systems, one can achieve more concurrent 
behavior. In case of the Emerson-Clarke scheduler one can achieve the realization 
of maximally concurrent behavior easily, see Fig. ^^(to ease the comprehension 
we copied Fig. for comparison). Many researchers are active in this field, 
see for a recent attempt. 





Fig. 13. Emerson-Clarke scheduler 𝕊_3 from Fig.

Fig. 14. Emerson-Clarke scheduler with silent moves



In this paper we have studied the notion of general morphism of Petri nets. 
General morphisms were shown to be the largest class of morphisms which are 
transformed by the case graph construction to morphisms of transition systems. 
This notion of general Petri net morphism can further be generalized along the 
lines of UBI. That is, one may consider richer structures on the event part of a 
Petri net and Petri net morphism. Indeed, Definition 0 works fine if one allows 
mapping an event in the source net of a morphism to a multiset of events in the 
target net. 

However, as argued in [18], while it is natural to consider Petri nets with
monoidal structure on events, in general the monoids need not be free. An
example is Milner’s synchronization: a + ā = τ, where τ is a silent move. A good
candidate could be finitely presentable monoids, i.e., monoids generated by a
finite number of events and with a finite number of equalities. Then, a Petri net
morphism should preserve these equalities.

Another line of generalization is to consider a richer class of morphisms of
transition systems. A simulation between transition systems 𝕊 = (S, s, A, →)
and 𝕊' = (S', s', A', →') is a pair consisting of a relation ≺ ⊆ S × S' and a
partial function η : A → A' such that initial states are related, s ≺ s', and

p —a→ q in 𝕊, ηa↓, p ≺ p' implies p' —ηa→ q' in 𝕊' for some q', q ≺ q'
p —a→ q in 𝕊, ηa↑, p ≺ p' implies q ≺ p'

Brown and Gurr have defined the notion of a simulation of Petri nets 
in a somewhat restricted way. Their simulation of Petri nets, gives rise to the 
simulation of their case graphs, as expected. The general simulation of Petri nets 
would be a pair (/3, rj) which fulfill condition JQ) of DefinitionEand, additionally, 
conditions 

H’- /3(e*) < /3(*e) - *(??e) + (rje)*. 

0 ’. (3M<M'. 

Again, simulations form a category, in fact, the largest one within the framework. 
The case graph is a functor — a simulation of the case graphs is a pair $(\prec_\beta, \eta)$,
where $M \prec_\beta M'$ iff $\beta M \le M'$. Moreover, Winskel's definition of products works.
However, there is no obvious state machine construction at hand, hence the 
synthesis problem for simulations of transition systems requires further research. 
Abstract. When employing Petri nets to model distributed systems,
one must be aware that the basic activities of each component can vary 
in duration and can involve smaller internal activities, i.e., that transi- 
tions are conceptually refined into transactions. We present an approach 
to the modeling of transactions based on zero-safe nets. They extend 
ordinary pt nets with a simple mechanism for transition synchroniza- 
tion. We show that the net theory developed under the two most widely 
adopted semantic interpretations (collective token and individual token
philosophies) can be uniformly adapted to zero-safe nets. In particular, 
we show that each zero-safe net has two associated pt nets that repre- 
sent the abstract counterparts of the modeled system according to these 
two philosophies. We show several applications of the framework, a dis- 
tributed interpreter for zs nets based on classical net unfolding (here 
extended with a commit rule) and discuss some extensions to other net 
flavours to show that the concept of zero place provides a unifying notion 
of transaction for several different kinds of Petri nets. 



Introduction 

A distributed system can be viewed as a collection of several components that 
evolve concurrently, by performing local actions, but that can also exchange 
information, e.g., according to suitable communication protocols. Operational 
models for distributed systems are often defined using suitable labeled transi- 
tion systems. Place/transition Petri nets [41 (abbreviated as pt nets) can 
be viewed as particular structured transition systems, where the additional alge- 
braic structure (i.e., monoidal composition of states and runs) offers a suitable 
basis for expressing the concurrency of local actions. In fact pt nets have been 
extensively used both as a foundational model for concurrent computations and 
as a specification language, due to their well studied theory, a simple graphical 
presentation and several supporting tools. 

When designing large and complex systems via pt nets, the more convenient 
approach is to start by outlining a very abstract model and then to refine each 
transition (that might represent a complex activity of the system) into a net 
that offers a more precise representation of the associated activity. For example,
communication protocols for passing and retrieving values cannot ignore that 
agent synchronization is built on finer actions (e.g., for sending data requests 
and acknowledgments). Moreover, such actions must be executed according to 
certain local/global strategies that must be completed before the interaction is 
closed. Hence the abstract transition is seen, at the refined level, as a distributed 
computation (that we call a transaction) which succeeds only if all the involved 
components accomplish their tasks. In particular the commit of the transaction
synchronizes all the terminal operations of local tasks. For the refinement to 
be correct, we must assume that the transaction is executed atomically, as if it 
were a transition. Thus, the execution strategy can be only partially distributed, 
since certain local choices must be globally coordinated. However, this is also 
the case in ordinary (non free-choice) pt nets. In fact, let us consider a generic 
interpreter for PT nets, where each transition synchronizes the consumption and 
production of its pre- and postset. This assumption requires that a local activity 
can influence the behavior of other transitions: Before executing any transition 
t, the interpreter must lock all the distributed resources that t will consume and 
this must be done atomically; otherwise a different transition t' could lock some 
of the resources needed by t. Therefore the interpreter can afford only a certain 
degree of distribution. This originates what can be called ‘place synchronization.’ 

Several approaches have appeared in the literature that present different 
refinement techniques for top-down design of a concurrent system (e.g., Petri 
Box calculus jYlti] and rule-based refinement m)- Many references to the subject 
can be found in j8E(il | . Typically at each step a single transition (say t) of the 
actual net $N$ is refined into a suitable subnet $M$, yielding the net $N[t \to M]$. This
approach is somehow related to the notion of general net morphism proposed by 
Petri, that can be used to map the refined net into its abstract representative by 
collapsing the structure of M into the transition t. In general some constraints 
must be assumed on the net M for its behavior to be consistent with that of t, 
as e.g. in 14111481471 . Our approach is slightly different, because all transitions of 
the abstract net are refined by runs of ‘the same’ zero-safe net. 

Zero-safe nets (zs nets) have been introduced in to provide a basic syn- 
chronization mechanism for transitions as a built-in feature. In fact, pt nets 
allow for ‘place synchronization’ only, whereas ‘transition synchronization’ is an 
essential feature to write modular and expressive programs, and to model sys- 
tems equipped with synchronization primitives (to achieve modularity in defin- 
ing the net associated to the synchronous composition of two programs, the 
translations presented in the literature involve complex, and often ad hoc, con- 
structions )I28I38I22I,3( )l7j 1 . 

Besides transitions and ordinary places (here called stable places), ZS nets 
include a distinguished set of zero places for modeling idealized resources that 
remain invisible to external observers, whilst stable markings, which just consist 
of tokens in stable places, define the observable states. Any operational step of a 
ZS net starts at some stable marking, evolves through hidden states (i.e., mark- 
ings with some tokens in zero places, called non-stable markings) and eventually 
Fig. 1. A zs net and its abstract counterpart.



leads to a stable marking. All the stable tokens produced during a certain step 
are released together only at the end of the step, i.e., they are ‘frozen’ until the 
commit is executed. The synchronization of transitions can thus be performed 
via zero tokens. The toy example in Figure 1 illustrates this basic mechanism.
First, note that we extend the standard graphical representation for nets — in
which boxes stand for transitions, circles for places, dots for tokens, and directed
weighted arcs describe the flow relation with unary weights omitted — by using
smaller circles to represent zero places. In the refined model (Figure 1, left), the
initial marking {a, b} is stable and enables the transition $t_0$ whose firing produces
a ‘frozen’ stable token in c and a zero token in z. Hence, after the firing of
$t_0$ we reach a non-stable marking. But now $t_1$ is enabled and its firing consumes
the stable token in b and the zero token in z, and produces a frozen token in d.
Since the reached marking is stable, the transaction is closed and frozen tokens
are released. At the abstract level, we are not interested in observing the hidden
intermediate state {b,c,z}. In fact we just consider stable places plus the
atomic activity that takes {a,b} and produces {c,d} (Figure 1, right). Pursuing
this view, a ‘refined’ ZS net and an ‘abstract’ pt net model the same system. 
The latter, where only stable places are considered, offers the synchronized view, 
which abstracts away the production and consumption of zero tokens. 
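
Added example, not from the paper: the toy net of Fig. 1 executed under the semantics just described, where stable tokens produced inside a transaction stay frozen until no zero token is left, next to the ordinary token game of the underlying net. The Counter encoding, the function names and the max_len search bound are assumptions of this example.

```python
from collections import Counter

# Constructed encoding of the toy ZS net of Fig. 1 (left): name -> (pre, post).
ZERO_PLACES = {"z"}
TOY_NET = {
    "t0": (Counter(a=1), Counter(c=1, z=1)),   # a -> c + z
    "t1": (Counter(b=1, z=1), Counter(d=1)),   # b + z -> d
}


def covers(marking, need):
    """Multiset inclusion: need(p) <= marking(p) for every place p."""
    return all(marking[p] >= n for p, n in need.items())


def split(multiset, zero_places):
    """Split a multiset of places into its (stable, zero) components."""
    stable = Counter({p: n for p, n in multiset.items() if p not in zero_places})
    zero = Counter({p: n for p, n in multiset.items() if p in zero_places})
    return stable, zero


def transactions(marking, net=TOY_NET, zero_places=ZERO_PLACES, max_len=6):
    """Enumerate the transactions that can start at a stable marking.

    Returns (firing sequence, consumed stable tokens, released stable tokens)
    triples. Stable tokens produced inside a transaction are frozen: later
    firings cannot use them, and they are released only at commit, i.e. when
    the zero places are empty again.
    """
    if split(marking, zero_places)[1]:
        raise ValueError("a transaction must start from a stable marking")
    results = []

    def explore(available, frozen, zero, consumed, seq):
        if seq and not zero:                 # commit: a stable marking is reached
            results.append((tuple(seq), consumed, frozen))
            return
        if len(seq) == max_len:              # bound the search: low-level runs may be infinite
            return
        for name, (pre, post) in net.items():
            pre_s, pre_z = split(pre, zero_places)
            post_s, post_z = split(post, zero_places)
            if covers(available, pre_s) and covers(zero, pre_z):
                explore(available - pre_s, frozen + post_s,
                        zero - pre_z + post_z, consumed + pre_s, seq + [name])

    explore(Counter(marking), Counter(), Counter(), Counter(), [])
    return results


def commit(marking, consumed, released):
    """Stable marking observed once the transaction has committed."""
    return marking - consumed + released


def pt_reachable(marking, net=TOY_NET, max_len=6):
    """Markings reachable in the underlying PT net, where nothing is frozen or hidden."""
    seen = {frozenset(marking.items())}
    frontier = [Counter(marking)]
    for _ in range(max_len):
        nxt = []
        for m in frontier:
            for pre, post in net.values():
                if covers(m, pre):
                    m2 = m - pre + post
                    key = frozenset(m2.items())
                    if key not in seen:
                        seen.add(key)
                        nxt.append(m2)
        frontier = nxt
    return [dict(k) for k in seen]


if __name__ == "__main__":
    start = Counter(a=1, b=1)
    for seq, consumed, released in transactions(start):
        print(seq, dict(consumed), "->", dict(released),
              "| after commit:", dict(commit(start, consumed, released)))
    print("transactions from {a} alone:", transactions(Counter(a=1)))
    print("underlying PT net markings:", pt_reachable(start))
```

From {a} alone the firing of t0 can never commit, so no stable step is observed, while the underlying PT net exposes the intermediate marking {b, c, z} as an ordinary reachable state.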

In this paper we survey the operational and abstract semantics of ZS nets, 
together with several applications to the modeling of distributed systems. It is 
worth remarking that both the operational semantics of zs nets and the construc- 
tion of their abstract pt nets are characterized as two universal constructions, 
following the so-called ‘Petri nets are monoids’ approach [32]. More precisely,
the former can be characterized as an adjunction and the latter as a coreflection.
The universal properties of the two constructions witness that they are the ‘opti- 
mal’ choices. In particular, by expressing the abstract semantics via coreflection 
we fully justify the choice of abstract pt nets as canonical representatives. 

We stress that the synchronization mechanism of ZS nets can favor a uni- 
form approach to concurrent language translation. For instance, in the case of 
CCS-like process algebras, the parallel composition of two nets modeling com- 
municating processes involves the combinatorial analysis of all the admissible 
synchronizations, whereas we have shown in HH that using zero places for mod- 
eling communication channels, the parallel composition of two nets can just 
merge the common channels. As an original contribution, here we show how to
model distributed choices in a compositional way and discuss how the basic con- 
cept of ‘zero place’ can be exploited in other net flavours, still preserving some 
distinguishing features of the approach. 

For what concerns ZS nets implementation, one has to specify the computa- 
tional machinery for performing only correct transactions, recovering deadlocks 
and treating infinite low-level computations. We illustrate our proposal in m 
for equipping ZS nets with such a distributed operational tool and then extend 
it to deal with read arcs in contextual (zero-safe) nets. 

Since the notion of zero safe place is to some extent orthogonal w.r.t. the dif- 
ferent kinds of Petri nets considered in the literature (e.g., contextual, coloured, 
timed, probabilistic) we think that it can provide a unifying basis for developing 
a theory of concurrent transactions in Petri nets. Note that we employ the termi- 
nology ‘transaction’ with a meaning analogous to the one it finds in databases: 
a (sort of) program that when applied to a consistent state still leads to a con- 
sistent state, though not necessarily the consistency of the state is preserved by 
all steps in the program. 



Origin and Structure of the Paper. The operational and abstract seman- 
tics of ZS nets according to the two more widely adopted net philosophies (called 
collective token and individual token) have been presented in [1 311 4) together 
with the associated universal constructions. A comparison between the two ap- 
proaches has been discussed in HZI, in the Ph.D. Thesis of the first author 
and in the tutorial overview US]. The distributed interpreter for zs nets has 
been proposed in m- The modeling of distributed don’t know choice and the 
extensions of the zero safe approach to other net flavours (e.g., read arcs) have 
not appeared elsewhere. 

In Section 1 we recall PT nets and their semantics. Section 2 illustrates ZS nets
and their operational and abstract semantics and uses two examples to motivate 
the usage of zero places. In Section 0 we give a compositional representation 
of a simple process algebra equipped with action prefix, parallel composition, 
restriction and don’t know nondeterministic choice. The distributed interpreter 
for ZS nets is defined in Section We conclude in Section 0 by extending the 
ZS net formalism to deal with read arcs. For detailed proofs of most results we 
refer to I17l1fll10l . 

Acknowledgements. We thank Paolo Baldan for several interesting discussions on 
contextual nets and for his careful reading of a preliminary version of this work. 
We also thank Jose Meseguer and the anonymous referees for their suggestions 
that helped us in improving the presentation of the material. 



1 Place/Transition Petri Nets 

Definition 1 (Net). A net is a triple $N = (S_N, T_N, F_N)$, where $S_N$ is the set
of places $a, a', \ldots$, $T_N$ is the set of transitions $t, t', \ldots$ (with $S_N \cap T_N = \emptyset$), and
$F_N \subseteq (S_N \times T_N) \cup (T_N \times S_N)$ is called the flow relation. The elements of the
flow relation are called arcs, and we write $x \mathrel{F_N} y$ for $(x, y) \in F_N$.

We shall denote $S_N \cup T_N$ by $N$ when no confusion can arise. Subscripts will
be omitted if they are obvious from the context. For $x \in N$, the set
${}^\bullet x = \{y \in N \mid y \mathrel{F} x\}$ is called the preset of $x$, and the set $x^\bullet = \{y \in N \mid x \mathrel{F} y\}$ is called
the postset of $x$. We only consider nets such that for any transition $t$, ${}^\bullet t \neq \emptyset$.
Moreover, let ${}^\circ N = \{x \in N \mid {}^\bullet x = \emptyset\}$ and $N^\circ = \{x \in N \mid x^\bullet = \emptyset\}$ denote
the sets of initial and final elements of $N$ respectively. A place $a$ is isolated if
${}^\bullet a \cup a^\bullet = \emptyset$.

Definition 2 (pt net). A marked place/transition Petri net (PT net) is a tuple
$N = (S, T, F, W, u_{in})$ such that $(S, T, F)$ is a net, the function $W: F \to \mathbb{N}$ assigns
a positive weight to each arc in $F$, and the finite multiset $u_{in}: S \to \mathbb{N}$ is the initial
marking of $N$.

We find it convenient to view $F$ as a function $F: (S \times T) \cup (T \times S) \to \{0, 1\}$, with
$x \mathrel{F} y \iff F(x, y) \neq 0$. Then, for pt nets we replace $\{0, 1\}$ by $\mathbb{N}$ and abandon
$W$. Thus, the flow relation becomes a multiset relation $F: (S \times T) \cup (T \times S) \to \mathbb{N}$.

A marking $u: S \to \mathbb{N}$ is a finite multiset of places. It can be written either as
$u = \{n_1 a_1, \ldots, n_k a_k\}$ where each $n_i$ dictates the number of occurrences (tokens)
of the place $a_i$ in $u$, i.e., $n_i = u(a_i)$ (if $n_i = 0$ then the $n_i a_i$ is omitted), or
as the formal sum $u = \bigoplus_{a_i \in S} n_i a_i$ denoting an element of the free commutative
monoid $S^\oplus$ on the set of places $S$ (the monoidal operation is defined by
$(\bigoplus_i n_i a_i) \oplus (\bigoplus_i m_i a_i) = (\bigoplus_i (n_i + m_i) a_i)$ with 0 as the neutral element). The
monoid $(\mu(S), \cup, \emptyset)$ of finite multisets on $S$ (with multiset union as monoidal
operation and the empty multiset as unit) is isomorphic to $S^\oplus$.

For any transition $t \in T$, let $pre(t)$ and $post(t)$ be the multisets over $S$
such that $pre(t)(a) = F(a, t)$ and $post(t)(a) = F(t, a)$, for all $a \in S$. A pt net
can be equivalently defined as the (marked) graph $(S^\oplus, T, pre, post, u_{in})$, with
nodes in the monoid $S^\oplus$ and edges in $T$, where $pre(\_), post(\_): T \to S^\oplus$ define
the source and target of transitions, respectively. As usual we write $t: u \to v$
for a transition $t$ with $pre(t) = u$ and $post(t) = v$. This definition emphasizes
the algebraic structure of pt nets and allows us to define a category of nets by
considering the obvious homomorphisms preserving such structure.

Definition 3 (Category Petri). A pt net morphism $h: N \to N'$ is a pair of
functions $h = (f: T \to T', g: S^\oplus \to S'^\oplus)$ with $g$ a monoid homomorphism and
with $g(pre(t)) = pre(f(t))$ and $g(post(t)) = post(f(t))$ for each $t \in T$. That is, $h$
is a graph morphism whose node component $g$ is a monoid homomorphism. (For
marked nets, morphisms must also preserve initial markings, i.e., $g(u_{in}) = u'_{in}$.)
The category Petri has (unmarked) pt nets as objects and pt net morphisms
as arrows.

Definition 4 (Firing). Given a pt net $N$, let $u$ and $u'$ be markings of $N$. A
transition $t \in T$ is enabled at $u$ if $pre(t)(a) \le u(a)$, for all $a \in S$. Moreover, we
say that $u$ evolves to $u'$ under the firing of $t$, written $u\,[t\rangle\,u'$, if $t$ is enabled at $u$
and $u'(a) = u(a) - pre(t)(a) + post(t)(a)$, for all $a \in S$.
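Table 1. The inference rules for $\_ \Rightarrow_N \_$ and $\_ \Rightarrow^*_N \_$.

identities: $\dfrac{u \in S^\oplus}{u \Rightarrow_N u}$

generators: $\dfrac{t: u \to v \in T}{u \Rightarrow_N v}$

parallel composition: $\dfrac{u \Rightarrow_N v,\quad u' \Rightarrow_N v'}{u \oplus u' \Rightarrow_N v \oplus v'}$

basic step: $\dfrac{u \Rightarrow_N v}{u \Rightarrow^*_N v}$

sequential composition: $\dfrac{u \Rightarrow^*_N v,\quad v \Rightarrow^*_N w}{u \Rightarrow^*_N w}$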


A firing sequence from $u_0$ to $u_n$ is a sequence of markings and transitions
such that $u_0\,[t_1\rangle\,u_1 \cdots u_{n-1}\,[t_n\rangle\,u_n$. Besides firings and firing sequences, steps
and step sequences are usually introduced.

Definition 5 (Step). Given a pt net N, we say that a multiset X:T — >■ N is 
enabled at u (f ^ a € S. 

Moreover, we say that u evolves to u' under the step X, written u [A) u' , if 
X is enabled at u and u'{a) = u{a) + ’ (post(t)(a) — pre(f)(a)) for all 

a G S. 

Given a marking $u$ of $N$, we denote by $[u\rangle$ the set of all the markings that
are reachable from $u$ via some firing sequence. The reachable markings of the
net $N = (S, T, F, u_{in})$ are the elements of the set $[u_{in}\rangle$.

The dynamics of a net can be expressed by the one-step relation $\_ \Rightarrow_N \_$
defined by the three leftmost inference rules in Table 1: identities represent idle
resources, generators represent the firing of a transition within the minimal marking
that can enable it, and parallel composition provides concurrent execution
of generators and idle steps. Then, it is obvious that
$u \Rightarrow_N v \iff \exists (X: T \to \mathbb{N}).\ u\,[X\rangle\,v$.

The extension of this approach to computations $u_0 \Rightarrow_N u_1 \Rightarrow_N \cdots \Rightarrow_N u_n$ is not
straightforward. Indeed, concurrent semantics must consider as equivalent all the
computations where the same concurrent events are executed in different orders, 
and we cannot leave out of consideration the distinction between collective and 
individual token philosophies (noticed e.g., in but see also |1 1 11 2| 1 . 

The simplest approach relies on the collective token philosophy (CTph), where 
semantics does not distinguish among tokens which are available at the same 
place, because any such token is regarded to be operationally equivalent to all 
the others. A major drawback of this approach is that it leaves out of con- 
sideration the fact that operationally equivalent resources may have different 
origins and histories, carrying different causality information. Instead, according 
to the individual token philosophy (ITph), causal dependencies are central to 
net dynamics. As a consequence, only the computations that refer to isomorphic 
Goltz-Reisig processes m can be identified, and causality information is fully 
maintained (the CTph relies instead on the commutative processes of Best and 
Devillers jSl)- If one is simply interested in ‘reachability’ matters, then the dis- 
tinction between the CTph and ITph is irrelevant, and the obvious two rightmost 
rules in Table 1 can be introduced (transitive closure). Otherwise, suitable proof
terms for computations can be introduced and axiomatized to faithfully recover 
the two different philosophies. In this sense, Best-Devillers and Goltz-Reisig processes
can be seen as concurrent computation strategies for CTph (resp. ITph)
and can be shown to correspond to equivalence classes of proof terms modulo 
natural algebraic axiomatizations m- 

Commutative processes can be characterized by quotienting step sequences. 

Definition 6 (Diamond transformation). Given a pt net $N$, let

$s = u_0\,[t_1\rangle\,u_1 \cdots u_{i-1}\,[t_i\rangle\,u_i \cdots u_{n-1}\,[t_n\rangle\,u_n$

be a step sequence of $N$, where $t_i$ and $t_{i+1}$ are concurrently enabled by $u_{i-1}$, in
the sense that $(pre(t_i) \cup pre(t_{i+1}))(a) \le u_{i-1}(a)$ for any $a \in S_N$. Let $s'$ be the
firing sequence obtained from $s$ by firing $t_i$ and $t_{i+1}$ in the reverse order, i.e.,

$s' = u_0\,[t_1\rangle\,u_1 \cdots u_{i-1}\,[t_{i+1}\rangle\,u'_i\,[t_i\rangle\,u_{i+1} \cdots u_{n-1}\,[t_n\rangle\,u_n$.

Then, the sequence $s'$ is called a diamond transformation of $s$.

Since in step sequences transitions can be fired concurrently, we let the step
sequence $u_0\,[X_1\rangle\,u_1 \cdots u_{i-1}\,[X_i \cup X_{i+1}\rangle\,u_{i+1} \cdots u_{n-1}\,[X_n\rangle\,u_n$ be a diamond
transformation of $u_0\,[X_1\rangle\,u_1 \cdots u_{i-1}\,[X_i\rangle\,u_i\,[X_{i+1}\rangle\,u_{i+1} \cdots u_{n-1}\,[X_n\rangle\,u_n$ with
$X_i$ and $X_{i+1}$ concurrently enabled by $u_{i-1}$ (and vice versa).

Diamond transformations define a symmetric relation whose reflexive and 
transitive closure gives the right equivalence w.r.t. the CTph interpretation. 

The notion of (causal) process is due to Goltz and Reisig |2S1 and gives a 
more precise account of causal dependencies between firings and tokens. 

Definition 7 (Occurrence net). A net $K$ is a (deterministic) occurrence net
if (1) for all $a \in S_K$, $|{}^\bullet a| \le 1 \wedge |a^\bullet| \le 1$ and (2) $F_K^*$ is acyclic.

Definition 8 (Process). A process for a pt net $N$ is a net morphism $P: K \to N$,
from an occurrence net $K$ to $N$, such that $P(S_K) \subseteq S_N$, $P(T_K) \subseteq T_N$, ${}^\circ K \subseteq S_K$,
and for all $t \in T_K$, $a \in S_N$, $F_N(a, P(t)) = |P^{-1}(a) \cap {}^\bullet t|$ and
$F_N(P(t), a) = |P^{-1}(a) \cap t^\bullet|$.

Two processes $P$ and $P'$ of $N$ are isomorphic and thus identified if there
exists a net isomorphism $\psi: K_P \to K_{P'}$ such that $\psi; P' = P$. As usual we
denote the set of origins (i.e., minimal or initial places) and destinations (i.e.,
final or maximal places) by $O(K) = {}^\circ K$ and $D(K) = K^\circ \cap S_K$, respectively.
For concatenating causal computations, the notion of concatenable process has 
been introduced in m- Concatenable processes are obtained from processes by 
imposing a total ordering on the origins that are instances of the same place 
and, similarly, on the destinations. The orderings are defined by means of label- 
indexed ordering functions. Given a set S with a labeling function 1: S — >■ S', 
a label-indexed ordering function for I is a family /3 = {/3a}aeS' of bijections, 
where Pa-l~^{a) — >■ {1, . . . , |Z“^(a)|}. Thus, for x,y G l~^{a) we let x G y 
Pa{x) < Pa{y)- 

^ F* denotes the reflexive and transitive closure of relation F. 
Table 2.

$\dfrac{u \in S^\oplus}{id_u: u \to u}$

$\dfrac{\alpha: u \to v,\quad \beta: u' \to v'}{\alpha \otimes \beta: u \oplus u' \to v \oplus v'}$

$\dfrac{\alpha: u \to v,\quad \beta: v \to w}{\alpha; \beta: u \to w}$



Definition 9 (Concatenable process). A concatenable process for a pt net
$N$ is a triple $C = (P, {}^\circ\ell, \ell^\circ)$ where $P: K \to N$ is a process, and ${}^\circ\ell$, $\ell^\circ$ are
label-indexed ordering functions for the function $P$ restricted to $O(K)$ and $D(K)$
respectively.

Two concatenable processes $C$ and $C'$ are isomorphic if $P_C$ and $P_{C'}$ are
isomorphic via a morphism that preserves all the orderings. A partial binary
operation $\_ ; \_$ (associative up to isomorphism and with identities) of concatenation
of concatenable processes (whence their names) can be easily defined: we
take as source (target) the image through $P$ of the initial (maximal) places of
$K_P$; then the composition of $C = (P, {}^\circ\ell, \ell^\circ)$ and $C' = (P', {}^\circ\ell', \ell'^\circ)$ is realized by
merging, when it is possible, the maximal places of $K_P$ with the initial places of
$K_{P'}$ according to their labeling and ordering functions. Concatenable processes
admit also a monoidal parallel composition $\_ \otimes \_$ (commutative up to a natural
isomorphism), which can be represented by putting two processes side by side.
We refer the interested reader to for the formal definitions of $C; C'$ and
$C \otimes C'$, which make the concatenable processes of a pt net $N$ be the arrows of
a symmetric monoidal category $CP(N)$ (whose objects are the markings of $N$).
The symmetries of $CP(N)$ are given by concatenable processes with empty set
of transitions (token permutation is expressed by different orderings ${}^\circ\ell$ and $\ell^\circ$).

1.1 Petri Nets Are Monoids 

Several interesting aspects of net theory can be profitably developed within 
category theory, see, e.g., Ib2l82l9l24l40l85l . We focus on the so-called ‘Petri 
nets are monoids’ approach initiated in (see also I28l83l45b4l46ll2l b The 
idea is to extend (part of) the algebraic structure of states to the level of proof
terms associated to the rules in Table 1 in such a way to capture the basic laws of
concurrent and causal computations. The proof terms we consider are inductively
defined in Table 2. In [32123] it is shown that axiomatic equivalences on such
proof terms can precisely characterize several standard semantic constructions.
In particular, commutative processes can be characterized by lifting the multiset
structure of states to the level of computations in a functorial way, yielding a
strictly symmetric monoidal category $\mathcal{T}(N)$ (it is called ‘strictly symmetric’
because the monoidal operation is commutative). For each net $N$, the category
$\mathcal{T}(N)$ has markings of $N$ as objects, and proof terms modulo the axioms in
Table 3 as arrows. Abusing the notation, in Table 3 the parallel composition
of arrows is denoted by $\oplus$, instead of $\otimes$, to emphasize that it is commutative
and can be viewed as multiset union. The functoriality law is the analogue
of diamond transformation. Denoting by CMonCat the category of strictly
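Table 3.

neutral: $id_\emptyset \oplus \alpha = \alpha$,

commutativity: $\alpha \oplus \beta = \beta \oplus \alpha$,

associativity: $(\alpha \oplus \beta) \oplus \alpha' = \alpha \oplus (\beta \oplus \alpha')$,

identities: $\alpha; id_v = id_u; \alpha = \alpha$,

functoriality: $(\alpha; \beta) \oplus (\alpha'; \beta') = (\alpha \oplus \alpha'); (\beta \oplus \beta')$.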




Table 4. 




m' © u 



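Table 5.

neutral: $id_\emptyset \otimes \alpha = \alpha \otimes id_\emptyset = \alpha$,

associativity: $(\alpha \otimes \beta) \otimes \alpha' = \alpha \otimes (\beta \otimes \alpha')$,

identities: $\alpha; id_v = id_u; \alpha = \alpha$,

functoriality: $(\alpha; \beta) \otimes (\alpha'; \beta') = (\alpha \otimes \alpha'); (\beta \otimes \beta')$,

naturality: $(\alpha \otimes \alpha'); \gamma_{v,v'} = \gamma_{u,u'}; (\alpha' \otimes \alpha)$,

coherence: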

© idy0, (fd-D © 




symmetric monoidal categories (as objects) and monoidal functors (as arrows), 
T(-) extends to a functor from Petri to CMonCat. 

Proposition 1 (cf. [32]). The presentation of $\mathcal{T}(N)$ given above precisely characterizes
the algebra of commutative processes of $N$, i.e., the arrows in $\mathcal{T}(N)$
are in bijection with the commutative processes of $N$.

Under the ITph, for analogous results to hold, one must resort to symmetric 
monoidal categories, where parallel composition is commutative only up to a 
natural isomorphism. In fact, suitable auxiliary arrows called symmetries are 
present (see Table 4) that can model the possible reorganizations of minimal
and maximal places of a process. We recall here the definition of the category 
V{N) introduced in m and finitely axiomatized in m- 

Definition 10. Let $N$ be a pt net. The category $\mathcal{P}(N)$ is the monoidal quotient
of the free symmetric monoidal category $\mathcal{F}(N)$ generated by $N$, modulo the two
axioms: (i) $\gamma_{a,b} = id_a \otimes id_b$, if $a, b \in S$, and $a \neq b$; and (ii) $s; t; s' = t$, if $t \in T$
and $s$, $s'$ are symmetries (where $\gamma_{\_,\_}$, $id_{\_}$, $\_ \otimes \_$, and $\_ ; \_$ are, resp., the symmetry
isomorphism, the identities, the tensor product, and the composition of $\mathcal{F}(N)$).

We remark that in $\mathcal{F}(N)$ the tensor product is not commutative and the
symmetries satisfy the naturality axiom and the MacLane coherence axioms HP- 
For the reader’s convenience, the axioms of $\mathcal{F}(N)$ are recalled in Table 5.

Proposition 2. The presentation of $\mathcal{P}(N)$ given above precisely characterizes
the algebra of concatenable processes of the pt net $N$.

The constructions $\mathcal{T}(N)$ and $\mathcal{P}(N)$ provide a useful syntax that can be used
for denoting commutative processes and concatenable processes, respectively.
2 Zero-Safe Nets

We recall the notion of safety in pt nets. 

Definition 11 (n-safe net). A place is n-safe if it contains at most n tokens 
in any reachable marking. A net is n-safe if all its places are n-safe. 

Thus, the adjective ‘0-safe’ for nets means that all places cannot contain 
any token in all reachable markings. We use the terminology zero-safe net — 
using the word ‘zero’ instead of the digit ‘0’ — to mean that the net contains 
special places, called zero places, whose role is that of coordinating the atomic 
execution of several transitions, which, from an abstract viewpoint, will appear 
as synchronized. However no new interaction mechanism is needed, and the 
coordination of the transitions participating in a step is handled by the ordinary 
token-pushing rules of nets, assuming late delivery of stable tokens (postponed 
to the end of the transaction) . These places are ‘zero-safe’ in the sense that they 
cannot contain any token in any observable state. 

Definition 12 (zs net). A zero-safe net (zs net) is a tuple $B = (S_B, T_B, F_B, u_B, Z_B)$
where $N_B = (S_B, T_B, F_B, u_B)$ is the underlying pt net of $B$ and the
set $Z_B \subseteq S_B$ is the set of zero places. The places in $L_B = S_B \setminus Z_B$ are called
stable places. A stable marking is a multiset of stable places, and the initial
marking $u_B$ must be stable.

Stable markings describe observable states, whereas the presence of one or
more zero tokens in a given marking makes it unobservable. We call stable
tokens and zero tokens the tokens that respectively belong to stable places and
to zero places. Since $S^\oplus$ is a free commutative monoid, it is isomorphic to the
cartesian product $L^\oplus \times Z^\oplus$ and we can write $t: (u, x) \to (v, y)$ for a transition $t$
with $pre(t) = u \oplus x$ and $post(t) = v \oplus y$, where $u$ and $v$ are stable multisets and
$x$ and $y$ are multisets over $Z$. In a way similar to pt nets, zs nets can also be
seen as suitable graphs, yielding the following category.

Definition 13 (Category dZPetri). A zs net morphism between two zs nets
$B$ and $B'$ is a pt net morphism $(f, g): N_B \to N_{B'}$ where $g$ preserves the partitioning
of places (i.e., $g(a) \in L_{B'}^\oplus$, if $a \in L_B$ and $g(a) \in Z_{B'}^\oplus$, if $a \in Z_B$) and
satisfies the additional condition of mapping zero places into pairwise disjoint
(nonempty) zero markings (i.e., for all $z \neq z' \in Z_B$, if $g(z) = n_1 a_1 \oplus \cdots \oplus n_k a_k$
and $g(z') = m_1 b_1 \oplus \cdots \oplus m_l b_l$ then we have that $a_i \neq b_j$ for $i = 1, \ldots, k$ and
$j = 1, \ldots, l$), which is called the disjoint image property. The category dZPetri
has zs nets as objects and zs net morphisms as arrows.

Since $S^\oplus$ is equivalent to $L^\oplus \times Z^\oplus$, zs net morphisms become triples of the
form $h = (f, g_L, g_Z)$, where both $g_L$ and $g_Z$ are monoid homomorphisms on the
free commutative monoids of stable and zero places, respectively.

Proposition 3. The category Petri is a full subcategory of dZPetri.
Table 6. The inference rules for _^b -



underlying 


horizontal composition 


commit 


u(B X V (B y, u,v e L^, x,y e 


(u,x) ^B (v,y), (u',y) =Jb {v',y') 


(u, 0) ^B (v, 0) 


(u,x) (v,y) 


(u (Bu',x) =?B {v © v',y') 


« ^B V 



As for PT nets, we can define the behavior of ZS nets by means of a step 
relation _ defined by the inference rules in Table 0 An auxiliary re- 

lation _ z=iB - is introduced for modeling transaction segments. We can take 
advantage of the step relation - ^Nb - of fh® underlying net for concurrently 
executing several transitions (rule underlying). The rule horizontal compo- 
sition acts as parallel composition for stable resources and as sequential com- 
position for zero places. We call it ‘horizontal’ because we prefer to view it 
as a synchronization mechanism rather than as the ordinary sequential com- 
position of computations, which flows vertically from top to bottom. The rule 
commit selects the transaction segments that correspond to acceptable steps: 
They must start from a stable marking and end up in a stable marking. As a 
particular instance of the horizontal composition of two transaction segments 
(u,0) ('P)O) and (u',0) ^b ('c^0), we can derive their parallel composition 

(u 0 u', 0) (u © v', 0). 

2.1 Introductory Example: Dining Philosophers 

A simple example that illustrates the coordination role played by zero places 
relies on the modeling of the well-known ‘dining philosophers’ problem: There 
are $n$ philosophers (with $n \ge 2$) sitting on a round table; each having a plate in
front with some food on it; between each couple of plates there is a fork, with 
a total of n forks on the table; each philosopher cyclically thinks and eats, but 
to eat he needs both the fork on the left and that on the right of his plate; after 
eating a few mouthfuls, the philosopher puts the forks back on the table and 
starts thinking again. 

The PT net for the case $n = 2$ is illustrated in Figure 2. A token in one of the
places $PhH_i$, $PhE_i$, and $PhT_i$, for $1 \le i \le 2$, means that the $i$th philosopher is
hungry, is eating, and is thinking, respectively. A token in the place $Fk_i$ means
that the $i$th fork is on the table. The transitions $Take_i$, $Drop_i$, and $Hungry_i$
represent that the $i$th philosopher takes the forks and starts eating, finishes
eating and drops the forks, feels his stomach hungry and prepares to eat, respectively.
Note that $Take_i$ requires both forks and thus cannot be fired if the other
philosopher is eating. The initial marking of the net is $\{PhT_1, PhT_2, Fk_1, Fk_2\}$
(i.e., both philosophers are thinking and both forks are on the table).

Of course, this model does not tell how the philosophers access the ‘resources’
needed to eat, whereas the action $Take_i$ is not trivial and requires some atomic
mechanism for getting the forks. At a more refined level, for example, the strategy
for executing the action $Take_i$ could be specified as ‘take the $i$th fork (if
possible), then the $((i \bmod 2) + 1)$th fork (if possible) and eat,’ hence it is
not difficult to imagine a deadlock where each philosopher takes one fork and
cannot continue, since conflict arises. The fact is that the coordination
mechanism is hidden inside transitions whose granularity is too coarse.

Fig. 2. An abstract view for (two) dining philosophers.

The situation is completely different if one wants to model the system using
free choice nets^ where all decisions are local to each place. To see this, let us
concentrate our attention on a subpart of the net in Figure 2, depicted in
Figure 3(a), which will suffice to illustrate the point. We can translate any net
into a free choice net by adding special transitions that perform the local
decisions required. For example, the free choice net in Figure 3(b) corresponds to
the net in Figure 3(a), but models a system where two decisions can take place
independently: One decision concerns the assignment of the first fork either to
the first or the second philosopher, the other decision concerns the assignment of
the second fork. Then, it might happen that the first fork is assigned to the first
philosopher ($Ch_{1,1}$) and the second fork is assigned to the second philosopher
($Ch_{2,2}$), and in such case the translated net deadlocks and none of the
$Take_i$ actions can occur. Thus, the translated net admits computations not
allowed in the abstract system of Figure 3(a).

Zero-safe nets overcome this deadlock problem by executing only certain
atomic transactions, where tokens produced in low-level resources are also
consumed. In our example, the invisible resources consist of places $Fk_{i,j}$
for $1 \le i,j \le 2$, that can be interpreted as zero-places. In this way the
computation performing $Ch_{1,1}$ and $Ch_{2,2}$ is forbidden, because it stops in
an invisible state, i.e., a state that contains zero tokens. Figure 4 represents
the low-level model as a zs net. (Recall that smaller circles stand for
zero-places.)



^ We recall that a net is free choice if for any transitions $t_1$ and $t_2$ whose
presets are not disjoint, then the presets of $t_1$ and $t_2$ consist of exactly
one place, or equivalently, a net is free choice if for any place s in the preset
of two or more transitions, then the preset of any such transition is exactly {s}.
Fig. 3. Global vs (completely) local choices.




Fig. 4. Atomic free choice. 



2.2 CTph vs. ITph: The Multicasting System Example

At an abstract level, the system modeled via a zs net B can be equivalently
described via a PT net $\mathcal{E}(B)$ such that
$S_{\mathcal{E}(B)} = L_B = S_B \setminus Z_B$ and
$(\_ \Rightarrow_{\mathcal{E}(B)} \_) = (\_ \Rightarrow_B \_)$. Among the several PT
nets that satisfy the above conditions we would like to choose the optimal one:
Informally the transitions of such net should represent the proofs of transaction
steps $u \Rightarrow_B v$ taken up to concurrent equivalence and such that they
cannot be decomposed into smaller transaction proofs. When these two conditions
are satisfied, the concurrent kernel of the possible behaviors has been
identified, and all the steps can be generated by it.

We have seen in Section Q that when dealing with concurrency, there is a real 
dichotomy between the CTph and the ITph. According to the CTph, all those fir- 
ing sequences obtained by repeatedly permuting pairs of (adjacent) concurrently 
$t_0$ = new
$t_1$ = send
$t_2$ = copy
$t_3$ = receive
$t_4$ = reset



Fig. 5. The zs net MS representing a multicasting system. 



enabled firings are identified. We call abstract stable transactions the resulting 
equivalence classes of zs net behaviours. However, acting in this way, causal 
dependencies on zero tokens are lost, and the class of computations captured 
by abstract nets may be too abstract for some applications. According to the 
ITph, instead, causal dependencies are a central aspect. As a consequence, only 
the transactions which refer to isomorphic Goltz-Reisig processes are identified, 
and we call connected transactions the induced equivalence classes. To illustrate 
these concepts, we recall the ‘multicasting’ example, taken from PI- The ZS net 
MS depicted in Figure 5 is designed to model a multicasting system: As in a
broadcasting system, an agent can simultaneously send the same message to an 
unlimited number of receivers, but here the receivers are not necessarily all the 
remaining agents. 

Each token in place a represents a different active agent that is ready to 
communicate, while tokens in b represent inactive agents. The zero place z mod- 
els a buffer where tokens are messages (e.g., data, values). The transition new 
permits creating fresh agents. Each firing of send opens a one-to-many com- 
munication: A message is put in the buffer z and the agent which started the 
communication is frozen in b until the end of the current transaction. Each time 
the transition copy fires, a new copy of a message is created. To complete a 
transaction, as many firings of receive are needed as the number of copies cre- 
ated by copy plus one. Each firing of receive synchronizes an active agent with 
a copy of the message and then freezes the agent. At the end of a session, all 
the suspended agents are moved into place b. The transition reset activates an
inactive agent. The graph corresponding to the zs net MS has the following
set of arcs:

$T_{MS} = \{t_0\colon (c,0) \to (a \oplus c, 0),\ t_1\colon (a,0) \to (b,z),\ t_2\colon (0,z) \to (0,2z),\ t_3\colon (a,z) \to (b,0),\ t_4\colon (b,0) \to (a,0)\}$.

In Figure 6 we see the infinite abstract pt net $A_{MS}$ for the refined ZS net
MS, according to the CTph (see Definition 17). As it will be explained later,
the abstract net $A_{MS}$ comes equipped with a refinement morphism to the
refined net MS. The refinement morphism maps each place of $A_{MS}$ into the
homonymous stable place of MS and defines a bijection between the transitions
of $A_{MS}$ and the abstract stable transactions of MS: The transition $\sigma_n$
of $A_{MS}$ represents a one-to-n transmission. By contrast, under the ITph,
different copy policies^ for a one-to-n transmission may be distinguished. The
infinite causal abstract PT net $I_{MS}$ corresponding to the refined zs net MS
under the ITph (see Definition 24) is displayed in Figure 7. It comes equipped
with a causal refinement morphism to the refined net MS. Such morphism maps each
place of $I_{MS}$ into the homonymous stable place of MS, and defines a bijection
between the transitions of $I_{MS}$ and the connected transactions of MS. We
assume that the generic transition corresponds to the one-to-n transmission that
follows the k-th codified copy policy (we denote by $C_n$ the number of different
copy policies associated to the one-to-n transmission).

Fig. 6. The abstract net for the multicasting system under the CTph.

Fig. 7. The causal abstract net for the multicasting system under the ITph.

Zero places can be used to coordinate and synchronize in a single transaction 
any number of transitions of the refined net. Thus it may well happen that the 
refined net is finite while the abstract net is infinite. This is the case for this 
example, in which communication events can involve any number of receivers. 

2.3 Collective Token Approach 

Operational Semantics under the CTph. A stable step of a ZS net B may
involve the execution of several transitions. At the beginning, the state must 
contain enough stable tokens to concurrently enable the stable presets of all 

^ We call copy policy any strategy (e.g., sequential, with maximal parallelism) for
making copies of the messages in the buffer z.

these transitions. As the computation progresses, the firings can only consume
the stable tokens that were also available at the beginning of the computation 
and the zero tokens that have been produced by some fired transition. A stable 
step whose intermediate markings are all nonstable and which consumes all the 
available stable tokens is called a stable transaction. 

Definition 14 (Stable step and stable transaction). Let B be a zs net.
A firing sequence $s = u_0 [t_1\rangle u_1 \ldots u_{n-1} [t_n\rangle u_n$ of the
underlying net $N_B$ is a stable step of B if:

— $\sum_{i=1}^{n} pre(t_i)(a) \le u_0(a)$ for all $a \in S_B \setminus Z_B$ (concurrent enabling);

— $u_0$ and $u_n$ are stable markings of B (stable fairness).

We write $u_0 \{[s\rangle u_n$ to denote the stable step s, and O(s) and D(s) to
denote $u_0$ and $u_n$ respectively. A stable step s is a stable transaction if in
addition:

— the markings $u_1, \ldots, u_{n-1}$ are not stable (atomicity);

— $\sum_{i=1}^{n} pre(t_i)(a) = u_0(a)$ for all $a \in S_B \setminus Z_B$ (perfect enabling).

A stable step sequence is a sequence of stable steps $u_0 \{[s_1\rangle u_1 \ldots$

We then say that $u_n$ is reachable from $u_0$. We recall that stable tokens
produced during the transaction become operative in the system only after the
commit.

Example 1. Consider the ZS net MS of Figure 5.

The firing sequence $\{2a\} [t_1\rangle \{a,b,z\} [t_4\rangle \{2a,z\} [t_3\rangle \{a,b\}$
is not a stable step, because the concurrent enabling condition is not satisfied.

The sequence $\{4a\} [t_1\rangle \{3a,b,z\} [t_2\rangle \{3a,b,2z\} [t_3\rangle \{2a,2b,z\} [t_3\rangle \{a,3b\}$
is a stable step but not a stable transaction, because the perfect enabling
condition is not satisfied.

The firing sequence $s' = \{2a,b\} [t_1\rangle \{a,2b,z\} [t_3\rangle \{3b\} [t_4\rangle \{a,2b\}$
is a stable step but not a stable transaction, because the atomicity constraint
is not satisfied.

The firing sequence $s'' = \{2a,b\} [t_1\rangle \{a,2b,z\} [t_4\rangle \{2a,b,z\} [t_3\rangle \{a,2b\}$
is a stable transaction (compare it with the first sequence of this example).
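The conditions of Definition 14 can be checked mechanically on the four firing sequences of Example 1. The following Python sketch is an added example, not code from the original text; the function names and the encoding of markings as multisets are assumptions made here, while the places and transitions are those listed for MS.

```python
from collections import Counter

# The ZS net MS from the text: stable places a, b, c and zero place z.
# Each transition maps to (preset, postset) as multisets of places.
STABLE = ("a", "b", "c")
ZERO = ("z",)
MS = {
    "t0": (Counter(c=1), Counter(a=1, c=1)),  # new
    "t1": (Counter(a=1), Counter(b=1, z=1)),  # send
    "t2": (Counter(z=1), Counter(z=2)),       # copy
    "t3": (Counter(a=1, z=1), Counter(b=1)),  # receive
    "t4": (Counter(b=1), Counter(a=1)),       # reset
}


def is_stable(marking):
    """A marking is stable when it holds no token in a zero place."""
    return all(marking[p] == 0 for p in ZERO)


def fire(marking, name):
    """Fire one transition of the underlying net; reject it if not enabled."""
    pre, post = MS[name]
    if any(marking[p] < n for p, n in pre.items()):
        raise ValueError(f"{name} is not enabled at {dict(marking)}")
    result = Counter(marking)
    result.subtract(pre)
    result.update(post)
    return +result  # unary plus drops places left with zero tokens


def classify(u0, sequence):
    """Return (verdict, failed_condition, final_marking) per Definition 14."""
    markings = [Counter(u0)]
    for name in sequence:
        markings.append(fire(markings[-1], name))
    start, final = markings[0], markings[-1]

    # Total demand on stable places: the sum of pre(t_i)(a) over the sequence.
    demand = Counter()
    for name in sequence:
        for place, n in MS[name][0].items():
            if place in STABLE:
                demand[place] += n

    if any(demand[p] > start[p] for p in STABLE):
        return "not a stable step", "concurrent enabling", final
    if not (is_stable(start) and is_stable(final)):
        return "not a stable step", "stable fairness", final
    if any(is_stable(m) for m in markings[1:-1]):
        return "stable step", "atomicity", final
    if any(demand[p] != start[p] for p in STABLE):
        return "stable step", "perfect enabling", final
    return "stable transaction", None, final


def multicast(n):
    """One send, n-1 copies and n receives: a one-to-n transmission."""
    return ["t1"] + ["t2"] * (n - 1) + ["t3"] * n


# The four firing sequences of Example 1, in the order the text gives them.
EXAMPLE_1 = [
    ({"a": 2}, ["t1", "t4", "t3"]),
    ({"a": 4}, ["t1", "t2", "t3", "t3"]),
    ({"a": 2, "b": 1}, ["t1", "t3", "t4"]),
    ({"a": 2, "b": 1}, ["t1", "t4", "t3"]),
]

if __name__ == "__main__":
    for u0, seq in EXAMPLE_1:
        verdict, failed, final = classify(u0, seq)
        print(u0, seq, "->", verdict, failed or "", dict(final))
    print(classify({"a": 4}, multicast(3)))
```

The first and last sequences fire the same transitions in the same order; only the extra token in b at the start changes the verdict from a concurrent-enabling failure to a stable transaction.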

To obtain a more satisfactory notion of stable step (transaction) in the con- 
current setting of CTph, we can then consider commutative processes. 

Definition 15 (Abstract sequence). Equivalence classes of sequences (w.r.t.
diamond transformation) are called abstract sequences and are ranged over by
$\sigma$. The abstract sequence of s is written $[\![s]\!]$. We also write
$pre([\![s]\!]) = O(s)$ and $post([\![s]\!]) = D(s)$ to denote respectively the
origins and the destinations of $[\![s]\!]$.

Definition 16 (Abstract stable step and abstract transaction). Given a
zs net B, an abstract stable step is an abstract sequence $[\![s]\!]$ of the
underlying net $N_B$, where s is a stable step. An abstract stable transaction is
an abstract sequence of $N_B$ that contains only stable transactions of B. We
denote by $\Upsilon_B$ the set of all abstract stable transactions of B.

The equivalence induced by diamond transformation preserves stable steps
(because the diamond transformation preserves the properties of concurrent
enabling and of stable fairness required by Definition 14) but does not preserve
stable transactions. Generally speaking, the problem is that two stable transac- 
tions that are concurrently enabled could be interleaved in such a way that the 
resulting sequence is a stable transaction. Of course, such transaction cannot be 
considered as a representative of an atomic activity of the system, because it 
can be expressed in terms of two concurrent sub-activities. Therefore, we take 
as representatives of abstract stable transactions all those stable transactions 
whose equivalence classes contain only stable transactions. 



Abstract Semantics under the CTph. It is now possible to define abstract 
representatives of those systems modeled by ZS nets in terms of pt nets whose 
transitions are abstract stable transactions. 

Definition 17 (Abstract net). Given a zs net $B = (S_B, T_B, F_B, u_B, Z_B)$, its
abstract net is the net $A_B = (S_B \setminus Z_B, \Upsilon_B, F, u_B)$, with
$F(a,\sigma) = pre(\sigma)(a)$ and $F(\sigma,a) = post(\sigma)(a)$ for all
$a \in S_B \setminus Z_B$ and $\sigma \in \Upsilon_B$.



Example 2. Consider the following firing sequences of the underlying net $N_{MS}$
of the ZS net MS in Figure 5:

$s_{new} = \{c\} [t_0\rangle \{a,c\}$,
$s_{res} = \{b\} [t_4\rangle \{a\}$,
$s_1 = \{2a\} [t_1\rangle \{a,b,z\} [t_3\rangle \{2b\}$,
$s_2 = \{3a\} [t_1\rangle \{2a,b,z\} [t_2\rangle \{2a,b,2z\} [t_3\rangle \{a,2b,z\} [t_3\rangle \{3b\}$, ...,
$s_i = \{(i+1)a\} [t_1\rangle \{ia,b,z\} \underbrace{[t_2\rangle \cdots [t_2\rangle}_{i-1} \{ia,b,iz\} \underbrace{[t_3\rangle \cdots [t_3\rangle}_{i} \{(i+1)b\}$.

We have $\Upsilon_{MS} = \{t'_0, t'_4, \sigma_1, \ldots, \sigma_i, \ldots\}$ with
$t'_0 = [\![s_{new}]\!]$, $t'_4 = [\![s_{res}]\!]$ and $\sigma_i = [\![s_i]\!]$, for
$i \ge 1$. The abstract net $A_{MS}$ of MS is shown in Figure 6. It consists of
three places and infinitely many transitions: One transition for creating a new
active process, one for reactivating a process after a synchronization, and one
for each possible multicasting involving a different number of receivers.



Proposition 4. The reachable markings of $A_B$ and of B are the same.



Universal Constructions in the CTph. We recast the operational and ab- 
stract (CTph) semantics of ZS nets in a categorical framework via two uni- 
versal constructions. The first construction starts from the category dZPetri 
(where ZS nets are seen as programs) and exhibits an adjunction to a cate- 
gory HCatZPetri consisting of machines equipped with suitable operations on 
states and transitions (e.g., parallel composition and a special kind of sequential 
composition, called horizontal). This adjunction corresponds to the operational 
semantics of ZS nets, in the sense that the transitions of the machine
$\mathcal{Z}[B]$ associated to a ZS net B are exactly the abstract stable steps of
B. Moreover, abstract stable transactions can be characterized algebraically as
special transitions of $\mathcal{Z}[B]$ called prime arrows. The second
construction starts from a different category ZSN of zs nets (strictly related to
HCatZPetri), having the ordinary category Petri of pt nets as a subcategory, and
yields a coreflection that recovers the abstract net construction in
Definition 17. We remark that ZSN allows one to map transitions of a machine into
prime arrows of another machine, yielding a very general notion of
‘implementation morphism.’

Definition 18 (Category HCatZPetri). A ZS graph

$$H = ((L \cup Z)^{\oplus}, (T, \oplus, 0, id, \cdot), pre, post)$$

is both a ZS net and a reflexive Petri commutative monoid.^ In addition, it is
equipped with a partial function $\_ \cdot \_$ called horizontal composition, such
that:

$$\frac{\alpha\colon (u,x) \to (v,y), \quad \beta\colon (u',y) \to (v',z)}{\alpha \cdot \beta\colon (u \oplus u', x) \to (v \oplus v', z)} \qquad (1)$$

Horizontal composition is associative and has identities
$id_{(0,x)}\colon (0,x) \to (0,x)$ for any $x \in Z^{\oplus}$. Moreover, the
commutative monoidal operator $\_ \oplus \_$ is functorial w.r.t. horizontal
composition. A zs graph morphism $h = (f, g_L, g_Z)\colon H \to H'$ between two zs
graphs H and H' is both a zs net morphism and a reflexive Petri monoid morphism
such that $f(\alpha \cdot \beta) = f(\alpha) \cdot f(\beta)$. ZS graphs (as objects)
and their morphisms (as arrows) form the category HCatZPetri.

Horizontal composition acts as a sequential composition on zero places and 
as a parallel composition on stable places. 

Proposition 5. If $\alpha\colon (u,0) \to (v,0)$ and $\alpha'\colon (u',0) \to (v',0)$
are two transitions of a ZS graph then $\alpha \cdot \alpha' = \alpha \oplus \alpha'$.



Theorem 1. Let $\mathcal{U}$: HCatZPetri → dZPetri be the functor which forgets
about the additional structure on transitions, i.e.,

$\mathcal{U}[((L \cup Z)^{\oplus}, (T, \oplus, 0, id, \cdot), pre, post)] = (L^{\oplus} \times Z^{\oplus}, T, pre, post)$.

The functor $\mathcal{U}$ has a left adjoint $\mathcal{Z}$: dZPetri → HCatZPetri.

The functor $\mathcal{Z}$: dZPetri → HCatZPetri maps a zs net B into the zs
graph $\mathcal{Z}[B]$ which is defined by the inference rules in Table 7 modulo
suitable axioms: Transitions form a commutative monoid (with $\oplus$ and
$id_{(0,0)}$); the horizontal composition $\_ \cdot \_$ is associative and has
identities $id_{(0,x)}$; finally, the monoidal operator $\_ \oplus \_$ is functorial
w.r.t. horizontal composition and identities.

^ A reflexive Petri commutative monoid is a Petri net together with a function
$id\colon S^{\oplus} \to T$, where the set of transitions is a commutative monoid
$(T, \oplus, 0)$ and pre, post and id are monoid homomorphisms, with
$pre(id(x)) = post(id(x)) = x$.
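Table 7. Free construction of $\mathcal{Z}[B]$.

$$\frac{(u,x) \in L_B^{\oplus} \times Z_B^{\oplus}}{id_{(u,x)}\colon (u,x) \to (u,x) \in \mathcal{Z}[B]}$$

$$\frac{t\colon (u,x) \to (v,y) \in T_B}{t\colon (u,x) \to (v,y) \in \mathcal{Z}[B]}$$

$$\frac{\alpha\colon (u,x) \to (v,y), \quad \beta\colon (u',x') \to (v',y') \in \mathcal{Z}[B]}{\alpha \oplus \beta\colon (u \oplus u', x \oplus x') \to (v \oplus v', y \oplus y') \in \mathcal{Z}[B]}$$

$$\frac{\alpha\colon (u,x) \to (v,y), \quad \beta\colon (u',y) \to (v',z) \in \mathcal{Z}[B]}{\alpha \cdot \beta\colon (u \oplus u', x) \to (v \oplus v', z) \in \mathcal{Z}[B]}$$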



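Example 3. Let MS be the ZS net defined in Section 2.2. The arrow
$t_1 \cdot t_3 \in \mathcal{Z}[MS]$ has source (2a, 0) and target (2b, 0), while
$(t_1 \oplus id_{(a,0)}) \cdot (id_{(b,0)} \oplus t_3)$ goes from (3a ⊕ b, 0) to
(a ⊕ 3b, 0). As another example, the following expressions all denote the same
arrow (i.e., the one-to-three communication):

$$\begin{aligned}
t_1 \cdot t_2 \cdot (t_2 \oplus t_3) \cdot (t_3 \oplus t_3)
&= t_1 \cdot t_2 \cdot (t_2 \oplus id_{(0,z)}) \cdot (id_{(0,2z)} \oplus t_3) \cdot (t_3 \oplus t_3) \\
&= t_1 \cdot t_2 \cdot (t_2 \oplus id_{(0,z)}) \cdot (t_3 \oplus t_3 \oplus t_3) \\
&= t_1 \cdot t_2 \cdot (t_2 \oplus id_{(0,z)}) \cdot (t_3 \oplus id_{(0,2z)}) \cdot (t_3 \oplus id_{(0,z)}) \cdot t_3.
\end{aligned}$$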



Definition 19 (Prime arrow). An arrow $\alpha\colon (u,0) \to (v,0)$ of a zs graph
H is prime if it cannot be expressed as the monoidal composition of nontrivial
arrows (i.e., $\alpha = \beta \oplus \gamma$ implies that $\beta = id_{(0,0)}$ or
$\gamma = id_{(0,0)}$).

The following theorem defines the correspondence between the algebraic and 
operational semantics of ZS nets. 

Theorem 2. Given a zs net B, there is a bijection between arrows
$\alpha\colon (u,0) \to (v,0)$ in $\mathcal{Z}[B]$ and abstract stable steps of B.
Moreover, if such an arrow is prime then the corresponding abstract stable step
is an abstract stable transaction.

Example 4. The prime arrows in $\mathcal{Z}[MS]$ are $t'_0 = t_0$, $t'_4 = t_4$,
$\sigma_1 = t_1 \cdot t_3$,
$\sigma_2 = t_1 \cdot t_2 \cdot (t_3 \oplus id_{(0,z)}) \cdot t_3$, ...,
$\sigma_i = t_1 \cdot t_2 \cdot (t_2 \oplus t_3) \cdots (t_2 \oplus t_3) \cdot (t_3 \oplus t_3)$,
and so on, where the expression $(t_2 \oplus t_3)$ appears exactly i − 2 times in
$\sigma_i$.

To characterize the abstract semantics, we introduce a category ZSN of ZS 
nets, where the morphisms may map a transition into a transaction. 

Definition 20. An abstract transition of a zs net B is either a prime arrow of
$\mathcal{Z}[B]$ or a transition of B (seen as an arrow in $\mathcal{Z}[B]$).

Definition 21 (Category ZSN). Given two ZS nets B and B', a refinement
morphism $h\colon B \to B'$ is a ZS net morphism
$(f, g_L, g_Z)\colon B \to \mathcal{U}[\mathcal{Z}[B']]$ such that the function f
maps transitions into abstract transitions. The category ZSN has zs nets as
objects and refinement morphisms as arrows. The composition between two
refinement morphisms $h\colon B \to B'$ and $h'\colon B' \to B''$ is defined as the
zs net morphism $\mathcal{U}[\hat{h'}] \circ h\colon B \to \mathcal{U}[\mathcal{Z}[B'']]$,
where $\hat{h'}\colon \mathcal{Z}[B'] \to \mathcal{Z}[B'']$ is the unique

extension of h' to a morphism in HCatZPetri.
Theorem 3. The Category Petri is embedded into ZSN fully and faithfully as
a coreflective subcategory and the right adjoint functor $\mathcal{A}[\_]$ is such
that $\mathcal{A}[B] = A_B$ for any zs net B. Furthermore, the counit component
maps transitions of the abstract net into appropriate abstract transactions.

The universal property of the coreflection witnesses that $A_B$ is the pt net
that better approximates the abstract CTph behaviour of B.

2.4 Individual Token Approach 

In this section, the basic activities of zs nets are defined according to the ITph.
This choice has a great impact on the resulting notion of transaction. 

Operational Semantics under the ITph. In the ITph, a marking can be 
thought of as an indexed (over the places) collection of ordered sequences of 
tokens and each firing must exactly specify which tokens are consumed. 

In [14], inspired by [44], we presented a stack based approach to the
implementation of ITph states. The idea was to choose a canonical interpretation
of the tokens that have to be consumed and produced in a firing and to introduce
permutation firings with the task of rearranging ordered tokens: A marking is
represented as a collection of stacks, one for each place and thus the extraction
and the insertion of tokens follow the LIFO policy. However, permutation firings
can modify the token positions in the stacks. Causal firings were essentially
introduced as a concrete means to describe the token flow, providing an intuitive
grasp of the underlying mechanism. In this presentation, we prefer to resort to
the more compact algebraic notation given in Section o that precisely denotes
concatenable processes. For the interested reader, causal firing sequences can be
thought of as arrows in $\mathcal{P}(N_B)$ having the form

$\omega = s_0; (t_1 \otimes id_{u_1}); s_1; (t_2 \otimes id_{u_2}); s_2; \cdots; (t_n \otimes id_{u_n}); s_n$,

where the $s_i$ are permutations, the $t_i$ are transitions, and the $u_i$ are
suitable markings. In the following, we shall keep the terminology of causal
firing sequences for such arrows. For $\omega$ a causal firing sequence, we denote
by $pr(\omega)$ the concatenable process it represents (considered up to
isomorphism).

Example 5. Let $N_{MS}$ be the underlying net of the zs net MS defined in
Figure 5 (i.e., in $N_{MS}$ we do not distinguish between stable and zero places).
The concatenable processes associated to the sequences

$\omega = (t_0 \otimes id_b); (t_4 \otimes id_{a \oplus c}); (t_1 \otimes id_{a \oplus c}); (t_3 \otimes id_{b \oplus c})\colon b \oplus c \to 2b \oplus c$

$\omega' = (t_4 \otimes id_c); (t_0 \otimes id_a); (t_1 \otimes id_{a \oplus c}); (t_3 \otimes id_{b \oplus c})\colon b \oplus c \to 2b \oplus c$

$\omega'' = (t_0 \otimes id_b); (t_4 \otimes id_{a \oplus c}); (\gamma_{a,a} \otimes id_c); (t_1 \otimes id_{a \oplus c}); (t_3 \otimes id_{b \oplus c})\colon b \oplus c \to 2b \oplus c$

are presented in Figure 8. We use the standard notation that labels the places
and transitions of the occurrence net K with their images in N. A superscript
for each initial place and a subscript for each final place denote, respectively,
the value of ${}^{\circ}\ell$ and $\ell^{\circ}$.

$pr(\omega) = pr(\omega')$

Fig. 8. The concatenable processes for $\omega$, $\omega'$, and $\omega''$ of Example 5.



Before continuing, let us introduce some terminology that will be used in 
defining the ITph semantics of ZS nets. A process is full if it does not contain 
idle (i.e., isolated) places. A process is active if it includes at least one transition, 
inactive otherwise. An active process is decomposable into parallel activities if it 
is the parallel composition of two (or more) active processes. If such a decompo- 
sition does not exist, then the process is called eonneeted. A connected process 
may involve idle places, but it does not admit globally disjoint activities (i.e., 
the adjective refers to activities and not to states). Finally, the set of evolution 
places (that represent resources which are first produced and then consumed) of 
a process C is the set Ec = {P{a) \ a G K, | *a| = |a*| = 1}. 

To forget about the ordering functions of origins and destinations we can 
quotient concatenable processes modulo the underlying Goltz-Reisig processes. 

Definition 22. Let N be a net. Two causal firing sequences $\omega$ and $\omega'$
are causally equivalent, written $\omega \approx \omega'$ if
$pr(\omega) = (P\colon K \to N, {}^{\circ}\ell, \ell^{\circ})$ and
$pr(\omega') = (P'\colon K' \to N, {}^{\circ}\ell', \ell'^{\circ})$ with process P
isomorphic to P'. The equivalence class of $\omega$ is denoted by
$[\omega]_{\approx}$. We use $\xi$ to range over equivalence classes. Since the
relation $\approx$ respects the initial and final marking, we extend the notation
letting $O(\xi) = O(\omega)$ and $D(\xi) = D(\omega)$, for $\xi = [\omega]_{\approx}$.

In the ITph, state changes are given in terms of connected steps, which may
involve the concurrent execution and synchronization of several transitions. A
connected transaction is a connected step such that no intermediate marking is
stable, and which consumes all the available stable tokens of the starting state.

Fig. 9. The concatenable processes $pr(\omega_1)$ (left) and $pr(\omega_2)$ (right).



Definition 23 (Connected step and transaction). Given a ZS net B, let $\omega$
be a causal firing sequence of the underlying pt net $N_B$. The equivalence class
$\xi = [\omega]_{\approx}$ is a connected step of B, written
$O(\xi) \{[\xi\rangle D(\xi)$, if:

— $O(\omega)$ and $D(\omega)$ are stable markings (stable fairness);

— $E_{pr(\omega)} \subseteq Z_B$ (atomicity).

Furthermore, the connected step is a connected transaction of B if:

— $pr(\omega)$ is connected;

— $pr(\omega)$ is full.

We denote by $\Xi_B$ (ranged by $\delta$) the set of connected transactions of B.

A connected step sequence is a sequence
$u_0 \{[\xi_1\rangle u_1 \cdots u_{n-1} \{[\xi_n\rangle u_n$ of connected steps, and
we then say that $u_n$ is reachable from $u_0$. Connected steps differ from
stable steps in that they allow for a finer causal relationship among events.
Fullness ensures the absence of idle resources in connected transactions. Note
that all conditions in Definition 23 impose constraints only over the Goltz-Reisig
process associated with $pr(\omega)$.

Example 6. Let us consider the zs net MS in Figure 5 and the causal firing
sequences

$\omega_1 = t_1; (t_4 \otimes id_z); t_3\colon a \to b$

$\omega_2 = (t_1 \otimes id_{3a}); (t_2 \otimes id_{3a \oplus b}); (t_3 \otimes id_{2a \oplus b \oplus z}); (t_3 \otimes id_{a \oplus 2b})\colon 4a \to a \oplus 3b$

$\omega_3 = (t_1 \otimes id_{a \oplus c}); (t_3 \otimes id_{b \oplus c}); (t_0 \otimes id_{2b})\colon 2a \oplus c \to a \oplus 2b \oplus c$.

The equivalence class $[\omega_1]_{\approx}$ is not a connected step since the
‘atomicity’ requirement is not fulfilled (Figure 9 left). The equivalence class
$[\omega_2]_{\approx}$ is a connected step but not a connected transaction since
the associated process is connected but not full (Figure 9 right). Likewise,
$[\omega_3]_{\approx}$ is a connected step but not a connected transaction since
the associated process is not connected (Figure 10). The equivalence class of the
causal firing sequence

$(t_1 \otimes id_{4a}); (t_2 \otimes id_{4a \oplus b}); (t_2 \otimes id_{4a \oplus b \oplus z}); (t_2 \otimes id_{4a \oplus b \oplus 2z}); (t_3 \otimes id_{3a \oplus b \oplus 3z}); (t_3 \otimes id_{2a \oplus 2b \oplus 2z}); (t_3 \otimes id_{a \oplus 3b \oplus z}); (t_3 \otimes id_{4b})\colon 5a \to 5b$

is a connected transaction.

Fig. 10. The concatenable process $pr(\omega_3)$.



Abstract Semantics under the ITph. In the ITph based approach it is also 
possible to define an abstract view of the systems modeled via zs nets. Since 
transactions rewrite multisets of stable tokens, pt nets are again a natural can- 
didate for the abstract representation. 

Definition 24 (Causal abstract net). Let B be a zs net. The net
$I_B = (S_B \setminus Z_B, \Xi_B, F, u_B)$, with $F(a,\delta) = pre(\delta)(a)$ and
$F(\delta,a) = post(\delta)(a)$ for all $a \in S_B \setminus Z_B$ and
$\delta \in \Xi_B$, is the causal abstract net of B.

Proposition 6. The reachable markings of $I_B$ and of B are the same.

Example 7. Let MS be the ZS net in Figure 5. Its causal abstract net $I_{MS}$ is
shown in Figure 7. Transition $t'_0$ is the basic activity which creates a new
communicating process and it corresponds to $[t_0]_{\approx}$. Similarly
$t'_4 = [t_4]_{\approx}$. Each $\sigma_i^k$ describes a different one-to-i
communication. The index k identifies the copy policy under consideration. For
each i, we denote by $C_i$ the number of different copy policies for the
communication one-to-i and we have a bijective correspondence among copy policies
and the complete binary trees^ with exactly i leaves.
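The correspondence between copy policies and complete binary trees can be made concrete by enumerating the trees. The following Python sketch is an added example, not part of the original text; it assumes an encoding chosen here in which a leaf stands for one firing of receive and an internal node for one firing of copy, with the two children of a node unordered.

```python
from functools import lru_cache

RECEIVE = "r"  # leaf of a policy tree: one firing of receive


def node(left, right):
    """A copy firing with two outgoing message copies; children are unordered."""
    return tuple(sorted((left, right), key=repr))


@lru_cache(maxsize=None)
def copy_policies(i):
    """Every copy policy for a one-to-i transmission, one canonical tree each."""
    if i < 1:
        raise ValueError("a transmission needs at least one receiver")
    if i == 1:
        return (RECEIVE,)
    shapes = set()
    for k in range(1, i // 2 + 1):  # split the i receivers as k + (i - k)
        for left in copy_policies(k):
            for right in copy_policies(i - k):
                shapes.add(node(left, right))
    return tuple(sorted(shapes, key=repr))


def firings(tree):
    """Return (copies, receives) fired when the policy is executed."""
    if tree == RECEIVE:
        return (0, 1)
    copies_l, recv_l = firings(tree[0])
    copies_r, recv_r = firings(tree[1])
    return (1 + copies_l + copies_r, recv_l + recv_r)


def depth(tree):
    """Longest chain of copy firings a message passes through before delivery."""
    if tree == RECEIVE:
        return 0
    return 1 + max(depth(tree[0]), depth(tree[1]))


if __name__ == "__main__":
    for i in range(1, 9):
        print(i, len(copy_policies(i)))
    for tree in copy_policies(4):
        print(tree, "copies/receives:", firings(tree), "depth:", depth(tree))
```

For i = 4 the two trees are the sequential policy (depth 3) and the policy with maximal parallelism (depth 2); every policy for a given i fires i − 1 copies and i receives, so the policies differ only in causal structure.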

Universal Constructions in the ITph. In this section, analogously to what 
has been done for the CTph, we present the categorical constructions that char- 
acterize the operational and abstract semantics of ZS nets under the ITph. The 
first adjunction goes from dZPetri to a category ZSCGraph of more structured 
models, called ZS causal graphs, equipped not only with parallel and horizontal 
compositions as in HCatZPetri, but also with a family of swappings playing 
the role of zero token permutations. Again, the connected transactions are char- 
acterized as prime arrows of ZS causal graphs. The second construction starts 

^ We recall that a binary tree is complete if any internal node has exactly two
children and we do not distinguish between left and right children.

from a category ZSC of zs nets and more complex morphisms, having the ordinary
category Petri of pt nets as a subcategory, and yields a coreflection that
recovers exactly the construction of the causal abstract net. 

Definition 25 (Category ZSCGraph). A ZS causal graph

$$E = ((L \cup Z)^{\otimes}, (T, \otimes, 0, id, *, c_{\_,\_}), pre, post)$$

is both a ZS net and a reflexive Petri monoid. In addition, it comes equipped with
a partial function $\_ * \_$ called horizontal composition,

$$\frac{\alpha\colon (u,x) \to (v,y), \quad \beta\colon (u',y) \to (v',y')}{\alpha * \beta\colon (u \oplus u', x) \to (v \oplus v', y')}$$

and a family of horizontal swappings,
$\{c_{x,y}\colon (0, x \otimes y) \to (0, y \otimes x)\}_{x,y \in Z^{\otimes}}$.
Horizontal composition is associative and has identities $id_{(0,x)}$ for all
$x \in Z^{\otimes}$. The monoidal operator $\_ \otimes \_$ is functorial w.r.t.
horizontal composition. The (horizontal) naturality axiom,
$c_{x,x'} * (\beta \otimes \alpha) = (\alpha \otimes \beta) * c_{y,y'}$, holds for any
$\alpha\colon (u,x) \to (v,y)$ and $\beta\colon (u',x') \to (v',y')$. Furthermore,
the coherence axioms $c_{x,y} * c_{y,x} = id_{(0, x \otimes y)}$ and
$c_{x \otimes y, y'} = (id_{(0,x)} \otimes c_{y,y'}) * (c_{x,y'} \otimes id_{(0,y)})$
must be satisfied. A morphism h between two zs causal graphs E and E' is a zs net
monoidal morphism which in addition respects horizontal composition and swappings.
This defines the category ZSCGraph.

Again, horizontal composition is the key feature of the approach: It avoids
the construction of steps which reuse stable tokens.

Proposition 7. If $\alpha\colon (u,0) \to (v,0)$ and $\alpha'\colon (u',0) \to (v',0)$
are two transitions of a zs causal graph then
$\alpha \otimes \alpha' = \alpha' \otimes \alpha$ and
$\alpha * \alpha' = \alpha \otimes \alpha'$.

The next theorem defines the algebraic semantics of zs nets by means of a
universal property.

Theorem 4. The obvious forgetful functor ZSCGraph → dZPetri has a
left adjoint $\mathcal{CG}[\_]$: dZPetri → ZSCGraph.

The functor $\mathcal{CG}[\_]$ maps a zs net B into the zs causal graph
$\mathcal{CG}[B]$ whose arrows are generated by the inference rules in Table 8
modulo suitable axioms (see [TZj for details). The zs causal graph
$\mathcal{CG}[B]$ is still too concrete w.r.t. the operational (ITph) semantics of
ZS nets. More precisely we need two more axioms.

Definition 26. Given a ZS net B, we denote by $\mathcal{CG}[B]/\Psi$ the quotient
of the free zs causal graph $\mathcal{CG}[B]$ generated by B in ZSCGraph modulo the
axioms

$$d_{z,z'} = id_{(0, z \otimes z')}, \quad \text{if } z \ne z' \in Z_B, \qquad (2)$$

$$d * t * d' = t, \quad \text{if } t \in T_B \text{ and } d, d' \text{ are swappings.} \qquad (3)$$
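Table 8. Free construction of $\mathcal{CG}[B]$.

$$\frac{(u,x) \in L_B^{\oplus} \times Z_B^{\otimes}}{id_{(u,x)}\colon (u,x) \to (u,x) \in \mathcal{CG}[B]}$$

$$\frac{t\colon (u,x) \to (v,y) \in T_B}{t\colon (u,x) \to (v,y) \in \mathcal{CG}[B]}$$

$$\frac{z, z' \in Z_B}{d_{z,z'}\colon (0, z \otimes z') \to (0, z' \otimes z) \in \mathcal{CG}[B]}$$

$$\frac{\alpha\colon (u,x) \to (v,y), \quad \beta\colon (u',y) \to (v',z) \in \mathcal{CG}[B]}{\alpha * \beta\colon (u \oplus u', x) \to (v \oplus v', z) \in \mathcal{CG}[B]}$$

$$\frac{\alpha\colon (u,x) \to (v,y), \quad \beta\colon (u',x') \to (v',y') \in \mathcal{CG}[B]}{\alpha \otimes \beta\colon (u \oplus u', x \otimes x') \to (v \oplus v', y \otimes y') \in \mathcal{CG}[B]}$$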



The quotient $\mathcal{CG}[B]/\Psi$ is such that for any
$k\colon \mathcal{CG}[B] \to E \in$ ZSCGraph which respects axioms (2) and (3) there
exists a unique arrow $k_{\Psi}\colon \mathcal{CG}[B]/\Psi \to E$ such that
$k_{\Psi} \circ Q_{\Psi} = k$ in ZSCGraph, where
$Q_{\Psi}\colon \mathcal{CG}[B] \to \mathcal{CG}[B]/\Psi$ is the obvious ZS causal
graph morphism associated to the (least) congruence generated by the imposed
axiomatization.

Proposition 8. For any morphism $h\colon B \to B'$ in dZPetri there is a unique
extension $\hat{h}\colon \mathcal{CG}[B]/\Psi \to \mathcal{CG}[B']/\Psi$ of h in
ZSCGraph.

Example 8. Let MS be the ZS net defined in Section 2.2. The arrow
$t_1 * t_3 \in \mathcal{CG}[MS]/\Psi$ has source (2a, 0) and target (2b, 0), while
$(t_1 \otimes id_{(a,0)}) * (id_{(b,0)} \otimes t_3)$ goes from (3a ⊕ b, 0) to
(a ⊕ 3b, 0). As another example, all the following expressions denote the same
arrow:

$$\begin{aligned}
t_1 * t_2 * (t_2 \otimes t_3) * (t_3 \otimes t_3)
&= t_1 * t_2 * (t_2 \otimes id_{(0,z)}) * (t_3 \otimes t_3 \otimes t_3) \\
&= t_1 * t_2 * d_{z,z} * (t_2 \otimes id_{(0,z)}) * (t_3 \otimes t_3 \otimes t_3) \\
&= t_1 * t_2 * (id_{(0,z)} \otimes t_2) * (t_3 \otimes t_3 \otimes t_3) \\
&= t_1 * t_2 * (t_3 \otimes t_2) * (t_3 \otimes t_3).
\end{aligned}$$

To give the expected correspondence between algebraic and operational
semantics we reuse in the current setting the notion of prime arrows.

Theorem 5. Given a ZS net B, there is a one-to-one correspondence between
arrows $\alpha\colon (u,0) \to (v,0) \in \mathcal{CG}[B]/\Psi$ and the connected
steps of B. Moreover, if such an arrow is prime (and is not an identity) then the
corresponding connected step is a connected transaction.

Example 9. In our running example, some prime arrows of $\mathcal{CG}[MS]$ are
$t_0$, $t_1 * t_3$, and
$t_1 * t_2 * (t_2 \otimes t_2) * (t_3 \otimes t_2 \otimes t_3 \otimes t_3) * (t_3 \otimes t_3)$,
while the arrow
$(t_1 \otimes t_1) * d_{z,z} * (t_2 \otimes t_3) * (t_3 \otimes t_3)$ is not prime.

To recover the abstract semantics of ZS nets in the ITph, we define a category 
ZSC whose objects are zs nets and whose morphisms allow for the refinement 
of a transition into an abstract connected transaction. 
Fig. 11.



Definition 27. Given a zs net B, a causal abstract transition of B is
either a prime arrow of $\mathcal{CG}[B]/\Psi$ or a transition of B (seen as arrow).

Definition 28 (Category ZSC). Given two ZS nets B and B', a causal
refinement morphism $h\colon B \to B'$ is a ZS net morphism $h = (f, g_L, g_Z)$ from B
to (the image through the forgetful functor of) $\mathcal{CG}[B']/\Psi$, such that function $f$
maps transitions into causal abstract transitions. The category ZSC has zs nets
as objects and causal refinement morphisms as arrows, with composition defined
similarly to that in ZSN.

Theorem 6. Category Petri is embedded in ZSC fully and faithfully as a
coreflective subcategory and the right adjoint functor $\mathcal{I}[\_]$ is such that
$\mathcal{I}[B] = I_B$ for any zs net B. Furthermore, the counit component of the
coreflection maps each transition of the abstract net into the appropriate
connected transaction.

2.5 One More Example 

We remark that the impact of different philosophies on the modeled system 
is considerable. This has been already suggested by the multicasting system 
example, but there are many other examples where the dichotomy is immediate. 
Let us consider the zs net GR in Figure o. Then, according to the CTph the
abstract net $A_{GR}$ has only two transitions that correspond to $t_0$ and $t_1 \cdot t_2$,
whereas, according to the ITph the causal abstract net $I_{GR}$ has infinitely many
transitions: $t_0$, $t_1 * t_2$, $(t_1 \otimes t_1) * d_{z,z} * (t_2 \otimes t_2)$, and so on.
Note the analogy between $I_{GR}$ and the abstract net $A_{MS}$ of the multicasting
system example.

We end this section by observing that all pt nets can be constructed using 
ZS nets whose transitions have four fixed ‘shapes.’ The needed components are 
illustrated in FigureEl We leave to the reader, as an easy task, to combine these 
shapes for building a generic transition, though of course several other sets of 
building blocks could have been chosen. 

3 Translation of Languages with Synchronization Primitives

In this section we give some general hints for modeling CCS-like communication
via zs nets. The idea is to represent each channel by a pair of zero places, one
for input and one for output, and to model each input (output) action on a
channel with a transition that produces a token on the input (output) zero place
associated to that channel. A special transition, also associated to the channel,
is enabled by a token in the input and a token in the output zero place. If the
channel is restricted, this is the only transition that can consume those tokens,
thus synchronizing the input and output actions that produced the two tokens. If
the channel is not restricted, two additional transitions can consume the tokens
separately. Thus, for every channel name $a$ we define a ZS net $Z_a$, consisting
of two zero places $a!$ and $a?$, and three transitions $in_a$, $syn_a$, and $out_a$ (see
Figure 13). For a set $A = \{a_1, \ldots, a_n\}$ of channel names, we denote by $Z(A)$ the
ZS net obtained as the disjoint union of $Z_{a_1}, \ldots, Z_{a_n}$.

Fig. 13. The zs net $Z_a$.

Definition 29 (Interfaced net). Given a set $A = \{a_1, \ldots, a_n\}$ of channel
names, an A-interfaced net is a triple $(B, A, P)$, where B is a ZS net (in
our translation the initial marking will always be a set) and P is an injective
mapping from $Z(A)$ to B, which preserves the ZS net structure. The set A is
called the interface of the net.

Two A-interfaced nets $(B, A, P)$ and $(B', A, P')$ are isomorphic if there
exists a ZS net isomorphism $\psi$ from B to B' that ‘preserves interfaces’ (in the sense
that it must preserve the injective images of $Z(A)$).

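The simple process algebra (spa) considered in is equipped with the
operations of inaction $nil$, input and output action prefix $a.\_$ and $\bar{a}.\_$, parallel
composition $\_|\_$, and restriction $\_\backslash a$, whose associated SOS rules are given in
Table 9. (We let $\mu$ range over input ($a$), output ($\bar{a}$) and silent ($\tau$) actions, and
let $\lambda$ range over input/output actions.) We will show later how to deal with
distributed nondeterministic sum.

Table 9. SOS rules for the simple process algebra SPA.

$$\lambda.p \xrightarrow{\lambda} p
\qquad
\frac{p \xrightarrow{\mu} q}{p|r \xrightarrow{\mu} q|r}
\qquad
\frac{p \xrightarrow{\lambda} q, \quad p' \xrightarrow{\bar{\lambda}} q'}{p|p' \xrightarrow{\tau} q|q'}$$

$$\frac{p \xrightarrow{\mu} q}{r|p \xrightarrow{\mu} r|q}
\qquad
\frac{p \xrightarrow{\mu} q, \quad \mu \notin \{a, \bar{a}\}}{p\backslash a \xrightarrow{\mu} q\backslash a}$$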



Each agent $p$ is modeled by an $fv(p)$-interfaced net $\llbracket p \rrbracket_{zs}$, where the set $fv(p)$
is the set of the free (i.e., non-restricted) channel names in $p$. The definition of
$\llbracket p \rrbracket_{zs}$ is given by initiality (i.e., it is the unique SPA-algebra homomorphism from
the term algebra), and thus it is enough to define the corresponding operations
on interfaced nets.

Inaction. The inactive net $nil$ is a $\emptyset$-interfaced net $(B, \emptyset, \emptyset)$, where B consists
of a single place that contains one token in the initial marking.

Action prefix. The interfaced net $a.(B, A \cup \{a\}, P)$ is given by adding a new
stable place $b$ and a new transition $t$ to B. The initial marking consists of a
token in $b$. The transition $t$ takes a token in $b$ and produces the initial marking
of B plus a token in the zero place $P(a?)$. If the name $a$ is not contained in
the interface of the given net, then also a copy of $Z_a$ has to be added, and the
injective mapping P is extended in the obvious way. A similar construction is
defined for an output action prefix $\bar{a}.p$ (we substitute $a!$ for $a?$ in the postset of
the new transition $t$).

Parallel composition. We let $(B_1, A_1, P_1) \,|\, (B_2, A_2, P_2) = (B, A_1 \cup A_2, P)$, with
B given by the union of $B_1$ and $B_2$ where only $P_1(Z(A_1 \cap A_2))$ and
$P_2(Z(A_1 \cap A_2))$ are identified, and with the mapping P given by the union of $P_1$ and $P_2$.
The initial marking of B is the union of the initial markings of $B_1$ and $B_2$.

Restriction. If $a$ does not appear in the interface, then $(B, A, P)\backslash a = (B, A, P)$.
Otherwise, $(B, A \cup \{a\}, P)\backslash a = (B', A, P')$, with $B' = B \setminus \{P(in_a), P(out_a)\}$
and $P'$ is P restricted to $Z(A)$.

The image of $Z(fv(p))$ in B (via P) plays the role of the interface, since it is the
only part of the net $\llbracket p \rrbracket_{zs}$ that is modified by the construction defined above: It
can be increased (as in the case of action prefix), it can be merged with another
interface (as in the case of parallel composition) and it can also be restricted (as
in the case of the restriction operator). It is worth noting that for each agent $p$,
with $\llbracket p \rrbracket_{zs} = (B, A, P)$, we have $A_B = I_B$.

The relation between SPA agents and their associated interfaced nets can be
formalized by adding a labeling function $\phi$ from the transitions of abstract nets
to the set of actions.

Definition 30 (Labels of transactions). Let $p$ be an agent. For each
(connected) transaction $\xi$ of $\llbracket p \rrbracket_{zs}$, we define

$$\phi(\xi) = \begin{cases}
a_i & \text{if } a_i \in fv(p) \text{ and } P(in_{a_i}) \text{ is fired in } \xi \\
\bar{a}_i & \text{if } a_i \in fv(p) \text{ and } P(out_{a_i}) \text{ is fired in } \xi \\
\tau & \text{otherwise}
\end{cases}$$

The definition of labels is not ambiguous, because each transaction $\xi$ of $\llbracket p \rrbracket_{zs}$
contains at most one firing of transitions in $P(Z(fv(p)))$.

Definition 31 (Bisimilarity between agents and markings). Let $p$ be an
agent, let N be a net whose transitions are labeled by $\phi$ over the set of actions,
and let $u$ be a marking of N. We say that $p$ is bisimilar to $u$ in N if there exists
a relation $\sim$ between agents and markings of N such that $p \sim u$, and: (1) for
each transition $p \xrightarrow{\mu} p'$ there exists a firing $u\,[t\rangle\,u'$ of N such that $\phi(t) = \mu$ and
$p' \sim u'$; (2) for each firing $u\,[t\rangle\,u'$ of N with $\phi(t) = \mu$ there exists a transition
$p \xrightarrow{\mu} p'$ such that $p' \sim u'$.

Proposition 9. Let $p$ be an agent, and $\llbracket p \rrbracket_{zs} = (B, A, P)$, then $p$ is bisimilar to
the initial marking of the abstract net $A_B$.

A comparison with other net semantics presented in the literature for CCS- 
like algebras is out of the scope of this presentation. We just remark the linearity 
of our encoding and that it provides a reasonable concurrent semantics for SPA 
agents, as formalized by Proposition 9 above.

Restricted names have only local scopes, and agents that differ only for local 
names (i.e., agents that can be obtained one from the other by $\alpha$-conversion) can
be considered equivalent. We use the symbol $\_ =_\alpha \_$ to denote such equivalence
(e.g., we have $(a_1.a_2.nil \,|\, \bar{a}_2.nil)\backslash a_2 =_\alpha (a_1.a_3.nil \,|\, \bar{a}_3.nil)\backslash a_3$ for any $a_3 \neq a_1$). It
is worth noting that our translation supports $\alpha$-conversion.

Proposition 10. If $p =_\alpha q$, then $\llbracket p \rrbracket_{zs}$ and $\llbracket q \rrbracket_{zs}$ are isomorphic.

3.1 Distributed Sum 

Usually, one can distinguish between two kinds of nondeterminism: don’t know 
and don’t care. In the former, an alternative is selected via a sort of ‘lookahead’ 
(e.g., only if the associated subprocess can move), whereas the latter is ‘blind.’ 
The difference between the two is evident just by looking at the SOS rules in
Table 10, as ‘don’t care choice’ is modeled via axioms. In what follows we rely on
don’t know choice, which is more complicated to deal with.

To model don’t know choice in distributed implementations of CCS-like lan- 
guages, the classical approach is to make a cross product of the initial markings 
of the subcomponents in such a way that when one thread r in one component 
moves, then all the threads in the other component will never be enabled since 
r consumes some of their premises. Of course this is an expensive construction 
that adds a lot of auxiliary structure causing state explosion. Using zs nets the 
‘interface’ approach described above can be exploited for accommodating a more 
compact solution (though the classical one is still possible). 
Table 10. Two kinds of nondeterministic choice.

don’t know:

$$\frac{p \xrightarrow{\lambda} q}{p + r \xrightarrow{\lambda} q}
\qquad
\frac{p \xrightarrow{\lambda} q}{r + p \xrightarrow{\lambda} q}$$

don’t care:

$$p + r \xrightarrow{\tau} p \qquad r + p \xrightarrow{\tau} p$$

Fig. 14.


The idea is that besides channel (zero) places, also a ‘generic action’ zero
place, say $g$, is added that receives tokens from all transitions generated by the
action prefix construction. Using this place we can establish whether or not a
thread can evolve. Normally, a transition $g_0$ can consume exactly one token from
$g$ and produce nothing. (Both $g$ and $g_0$ are part of any interface.) Since we are
interested in catching ‘top level’ actions, every time a process is prefixed by an
action we remove from the interface $g$ and $g_0$ and add new instances of them
which become connected to the prefixed action only. The general situation is that
we have two such interfaced nets and we want to model their nondeterministic
sum. The first step is to replace the two $g_0$ transitions by transitions that are in
some way controlled by the choice-point. The relevant part of the construction
is illustrated in Figure 14; for the rest we assume that the two ‘argument’ nets
are put in parallel, merging their interfaces except for the $g$ and $g_0$ components
(denoted by $g_i$ and $g_{0_i}$ in the figure) that are carried out of the interface, while fresh
$g$ and $g_0$ are inserted in the composed net. We call $u_1$ and $u_2$ the markings of
the two argument nets, that form, together with a token in the place ‘$p_1 + p_2$’,
the initial marking of the composed net. To see how the construction behaves,
suppose that $p_1$ can perform a certain action, then a zero token appears in $g_1$ that
can be consumed only by firing ‘(+’ since $g_{0_1}$ has been deleted and is not yet
enabled. The firing of ‘(+’ consumes the only stable token in $p_1 + p_2$ and hence,
all threads in the second net cannot complete any transaction (because tokens
in $g_2$ can never be consumed). We have decided to put $|u_1|$ tokens in the stable
place that rule 5o(, so that when other top level threads of $p_1$ will be able to
fire, then enough tokens will be available to close all transactions asynchronously.
Propositions 9 and 10 are still valid for this extended framework.
Fig. 15. The interfaced net for the process $((a_1.nil + a_2.nil) \,|\, \bar{a}_1.nil)\backslash a_1 \backslash a_2$.

Example 10. The interfaced net for the agent $((a_1.nil + a_2.nil) \,|\, \bar{a}_1.nil)\backslash a_1 \backslash a_2$
is presented in Figure 15. Note that the presence of the arc from $t_3$ to $g$ is
motivated by the fact that $g$ (and $g_0$) are part of the interfaces of the two nets
associated with $a_1.nil + a_2.nil$ and $\bar{a}_1.nil$ and thus $g$ becomes shared when the
two agents are composed in parallel. If $t_2$ tries to fire, then the zero token in
$a_2?$ cannot be consumed. If $t_1$ tries to fire, then the only possibility is that also
$t_3$ fires producing a token in $a_1!$ so that also $syn_{a_1}$ is enabled and the token in
$a_1?$ can be consumed. If this is the case, then one has still to consume the zero
tokens in $g$ and $g_2$ produced by the firings of $t_3$ and $t_1$, respectively. Thus, ‘+)’
must be fired that produces another zero token in $g$. Then, transition $g_0$ can
be fired twice to conclude the transaction. This transaction corresponds to the
transition $((a_1.nil + a_2.nil) \,|\, \bar{a}_1.nil)\backslash a_1 \backslash a_2 \xrightarrow{\tau} (nil \,|\, nil)\backslash a_1 \backslash a_2$, and is the only
possible one.

Note that since ‘(+’ and ‘+)’ take one token only from $g_1$ and $g_2$ respectively,
then $\tau$-moves cannot force the choice (because synchronizations produce two
tokens in $g_1$ or $g_2$). This was also the reason for writing $\lambda$ and not $\mu$ in the rules for
don’t know choice in Table 10. To deal with this possibility, it suffices to add two
variants of ‘(+’ and ‘+)’ that consume two tokens from $g_1$ and $g_2$ respectively.
More generally, one might want to synchronize any number of threads as triggers
of the same left/right choice. This can be easily done by augmenting the
composed nets with one additional zero place and three transitions, as illustrated in
Figure 16. The transitions $dc_i$ have the duty of sequentially decrementing the
number of tokens in $g_i$ (takes two and puts one back) until only one token is
left that can be consumed by 50', thus synchronizing the choice with all threads
of the $i$th component that tried to move. Since only one token is present in the
place ‘$p_1 + p_2$’, then only one token can be produced in $z$ and the $dc_i$ preserve this
invariant under firing. Therefore, only one transition between ‘(+’ and ‘+)’ can fire
in the transaction. As a consequence, it is not possible that both $dc_1$ and $dc_2$ are
fired in the same transaction, as otherwise a zero token would remain in one of
the zero places $g_i$. Note that the CTph and the ITph can yield different abstract
nets, as the latter distinguishes between the different ways for $dc_i$ to consume
the tokens in $g_i$. One may argue that there is a centralized choice point and that
therefore two threads of $p_1$ cannot force concurrently the ‘left choice’ but must
be synchronized on it. We think that this is by no means a limitation of the
approach, as e.g. the classical solution requires a ‘token synchronization’ between
each thread of one component and all other threads of the other components,
via a conflict resolution similar to the one illustrated in the dining philosophers
example (here the tokens in the cross product of the two initial markings of
subnets are ‘forks’ and the threads are the ‘philosophers’ that want to eat).

Fig. 16.

4 An Operational Definition for Transactions 

The issues that we want to address in this section regard zs nets implemen- 
tation. The problem is that the operational semantics relies on some sort of 
meta-definition, where one computes on the underlying net, builds transaction 
segments, and then can discard ‘bad’ behaviors and accept the ‘good’ ones, act- 
ing as a filter. This means that there are important questions which can be asked 
for any actual interpreter — Is backtracking necessary? Is the implementation 
correct? And complete? Does a more efficient implementation exist? We try to 
answer these questions (see the Conclusions) by defining a machinery for com- 
puting on ZS nets. The idea is to adapt the classical net unfolding to pursue 
concurrently all the nondeterministic runs of the ZS net under inspection, in 
such a way that ‘commit’ stable states are recognized and generated. 

Whether one is interested in distinguishing between different concurrent 
proofs or is just interested in the step relation $\_ \Rightarrow_B \_$ is an important issue.

In particular, given a zs net B and a stable marking u we address the problem 
of computing in a distributed and efficient fashion the set of markings that can 
be reached from u via an atomic transaction step, i.e., the set $\{v \mid u \Rightarrow_B v\}$ (that
is invariant under the CTph and ITph). The solution relies on a modification of 
the interpreter for unfolding PT nets fi7l, ^11:1,4 , which is extended with a commit 
rule enforcing the synchronous termination of transactions. 
4.1 PT Net Unfolding

The unfolding of a net gives a constructive way to generate all its possible
computations, offering a satisfactory mathematical description of the interplay between
nondeterminism and causality (and concurrency). In fact the unfolding
construction allows for bridging the gap between pt nets and prime algebraic domains.
The obvious references to this approach are sfl III m, but we suggest also the
interesting overview m-. It is worth remarking that our presentation is slightly
different from usual ones (but reminiscent of M), since it is presented as the
least net generated by suitable inference rules, rather than by making explicit
the chain of finite nets that approximate it.

The construction provides a distributed interpreter for pt nets. We remark 
that the unfolding applies only to marked nets, i.e., it requires an initial marking. 

Starting from a net N, the unfolding produces a nondeterministic occurrence
net $\mathcal{U}(N)$ (an acyclic net, where transition pre- and post-markings are sets
instead of multisets and where each place has at most one entering arc), together
with a mapping from $\mathcal{U}(N)$ to N that tells which places and transitions of the
unfolding are instances of the same element of N. Hence the places of $\mathcal{U}(N)$
represent the tokens and the transitions (called events) the occurrences of transitions
in all possible runs. For this kind of nets the notions of causally dependent, of
conflicting and of concurrent elements can be straightforwardly defined and are
represented by the binary relations $\_ \preceq \_$, $\_ \# \_$ and $co(\_, \_)$, respectively. Formally,
the relation $\_ \preceq \_$ is the transitive and reflexive closure of the immediate
precedence relation $\_ \prec \_$ defined as
$\prec\ \stackrel{def}{=} \{(o, t) \mid o \in pre(t)\} \cup \{(t, o) \mid o \in post(t)\}$,
while the binary conflict relation $\_ \# \_$ is defined as the minimal symmetric relation
that contains $\_ \#_0 \_$ (defined by
$t_1 \#_0 t_2 \stackrel{def}{\iff} t_1 \neq t_2 \wedge pre(t_1) \cap pre(t_2) \neq \emptyset$),
and that is hereditary with respect to $\_ \preceq \_$. Since the conflict relation must be
irreflexive, then $\_ \preceq \_$ and $\_ \# \_$ have empty intersection. The concurrency relation
is defined by letting $co(o_1, o_2)$ if it is not the case that ($o_1 \preceq o_2$ or $o_2 \preceq o_1$ or
$o_1 \# o_2$). In particular, the relation $co$ is usually extended to sets of elements by
writing $co(X)$ if for all $o_1, o_2 \in X$ we have $co(o_1, o_2)$.

More concretely, the places of $\mathcal{U}(N)$ have the form $(a, n, H)$, where $a \in S_N$, $n$
is a positive natural number that is used to distinguish different tokens with the
same history, and $H$ is the history of the place under inspection and therefore
either consists of just one event (the one that produced the token) or is empty
(if the token is in the initial marking). Analogously, a generic transition of $\mathcal{U}(N)$
has the form $(t, H)$ with $t \in T_N$, since each transition is completely identified
by its history $H$, which in this case consists of the set of consumed tokens. The
set $H$ cannot be empty since transitions with empty preset are not allowed. The
net $\mathcal{U}(N)$ is defined as the minimal net generated by the rules in Table 11.

Table 11. The unfolding $\mathcal{U}(N)$.

$$\frac{u_{in}(a) = n, \quad 1 \le k \le n}{(a, k, \emptyset) \in S_{\mathcal{U}(N)}}$$

$$\frac{t\colon u \to \bigoplus_{j \in J} n_j b_j \in T_N, \quad \Theta = \{(a_i, k_i, H_i) \mid i \in I\} \subseteq S_{\mathcal{U}(N)}, \quad co(\Theta), \quad u = \bigoplus_{i \in I} a_i}{e = (t, \Theta) \in T_{\mathcal{U}(N)}, \quad \Upsilon = \{(b_j, m, \{e\}) \mid j \in J,\ 1 \le m \le n_j\} \subseteq S_{\mathcal{U}(N)}, \quad pre(e) = \Theta, \quad post(e) = \Upsilon}$$

Table 12. The unfolding $\mathcal{U}(B)$.

$$\frac{u(a) = n, \quad 1 \le k \le n}{(a, k, \emptyset) \in S_{\mathcal{U}(B)}}$$

$$\frac{t\colon (u, x) \to (v, \bigoplus_{j \in J} n_j z_j) \in T_B, \quad \Theta = \{(a_i, k_i, H_i) \mid i \in I\} \subseteq S_{\mathcal{U}(B)}, \quad co(\Theta), \quad u \oplus x = \bigoplus_{i \in I} a_i}{e = (t, \Theta) \in T_{\mathcal{U}(B)}, \quad \Upsilon = \{(z_j, m, \{e\}) \mid j \in J,\ 1 \le m \le n_j\} \subseteq S_{\mathcal{U}(B)}, \quad pre(e) = \Theta, \quad post(e) = \Upsilon}$$

$$\frac{}{u \in \mathcal{S}(B, u)}
\qquad
\frac{\Gamma \subseteq T_{\mathcal{U}(B)}, \quad co(\Gamma), \quad ZProd(\Gamma) = ZCons(\Gamma)}{u \ominus SCons(\Gamma) \oplus SProd(\Gamma) \in \mathcal{S}(B, u)}$$

We now give a computational interpretation of the rules for $\mathcal{U}(N)$. The first rule
defines the initial marking of $\mathcal{U}(N)$. The second rule is the core of the unfolding: It
searches for a set $\Theta$ of concurrent tokens that enables a transition $t$ of N,
atomically locks them, fires the event $e$ (that is an occurrence of $t$), and produces some
fresh tokens $\Upsilon$ according to $post(t)$. Notice that the condition $co(\Theta)$ depends
only on the histories $H_i$ for $i \in I$, and therefore cannot be altered by successive
firings. In fact, as in memoizing for logic programming, or more generally in
dynamic programming, the history is completely encoded in the tokens, so that
it is not necessary to compute it at every firing. Also, note that histories retain
concurrent information rather than just sequential, therefore each token/event
is generated exactly once (though it can be later referred to many times).
Moreover, several occurrences of the second rule can be applied concurrently and
therefore the unfolding can be implemented as a distributed algorithm.



4.2 zs Net Unfolding 

The unfolding of the underlying net $N_B$ does not yield a faithful representation
of the behavior of B. In fact, we must forbid the consumption of stable resources
that were not inserted in the starting marking. Moreover, we must be able to
apply the commit when the transaction step has consumed all the zero tokens
produced so far.

The net $\mathcal{U}(B)$ is defined as the minimal net generated by the rules in Table 12.
Together with the unfolding net we compute a set of (reachable) stable markings
$\mathcal{S}(B, u)$ for the initial (stable) marking $u$ of the unfolding.

The first two rules define the unfolding, which remains similar to the
classical algorithm, except for the fact that stable tokens in the postset of the fired
transition are not released to the system. In fact, while the set $\Theta$ must contain
enough tokens to provide both the stable and the zero resources needed by $t$
(as expressed by the condition $u \oplus x = \bigoplus_{i \in I} a_i$), the tokens that are produced
by the occurrence of $t$ applied to $\Theta$ (i.e., tokens in the set $\Upsilon = post(e)$) just
match the zero place component $\bigoplus_{j \in J} n_j z_j$ of $post(t)$ and not the stable place
component $v$ (it is not released until a commit related to $e$ will occur). The third
rule is obvious. The fourth rule defines the commit of a transaction step.

To shorten the notation, we introduce the following functions that, given an
event $e$, return the set of zero tokens respectively consumed and produced by
the ancestors of $e$ (and by $e$ itself), i.e., we let

$$ZCons(e) = \bigcup_{e' \preceq e} \{(z, k, H) \in pre(e') \mid z \in Z_B\}, \qquad ZProd(e) = \bigcup_{e' \preceq e} post(e'),$$

where $ZCons(e)$ is the set of zero tokens that have been consumed by some
$e' \preceq e$; similarly $ZProd(e)$ represents the set of zero tokens that have been
produced by some $e' \preceq e$ (note that for any $(z, k, H) \in ZCons(e)$ we have
$(z, k, H) \preceq e$, while $ZProd(e)$ can also contain tokens that are concurrent with $e$
or produced by $e$). We remark that $ZCons(e) \subseteq ZProd(e)$, because the marking
$u$ is stable and therefore it does not contain zero tokens with empty histories. For
stable places the situation is different, since we are just interested in knowing
how many tokens have been consumed and will be produced for each place by
the antecedents of $e$, thus:

$$SCons(e) = \bigoplus_{(t\colon (u,x) \to (v,y),\, \Theta) \preceq e} u, \qquad SProd(e) = \bigoplus_{(t\colon (u,x) \to (v,y),\, \Theta) \preceq e} v.$$

The four functions that we have defined are extended to sets of events in the
obvious way. We remark that while $ZCons(\_)$ and $ZProd(\_)$ return sets (of
zero places in the unfolding net), the functions $SCons(\_)$ and $SProd(\_)$ return
multisets (of stable places in the original net).

The fourth rule takes a set $\Gamma$ of concurrent events and checks that any zero
token produced by their antecedents is consumed by an antecedent of some
event in $\Gamma$. The latter condition can be conveniently expressed as the equality
$ZProd(\Gamma) = ZCons(\Gamma)$. In fact, if a certain token $o$ is in $ZProd(\Gamma)$, then
the condition states that there exists at least an event $e \in \Gamma$ and a unique
(otherwise a conflict would arise) $e' \preceq e$ such that $o \in pre(e')$. If these premises
are satisfied, then the rule extends $\mathcal{S}(B, u)$ with the multiset obtained by
subtracting from $u$ the stable resources consumed by all the antecedents of events
in $\Gamma$, but adding those that would have been produced during the step. This rule
defines a commit, since it synchronizes local commits, as the following result shows.

Proposition 11. If $\Gamma \subseteq T_{\mathcal{U}(B)}$ such that $co(\Gamma)$ and $ZProd(\Gamma) = ZCons(\Gamma)$,
then for any $e = (t, \Theta) \in \Gamma$ we have that $t$ does not produce any zero token.

Note the analogy between the ‘commit’ rule that takes a set of concurrent
events and the ‘unfolding’ rule that takes a set of concurrent tokens: This is to
some extent related to our view of zs nets as a formalism for expressing transition
synchronization rather than just token synchronization.

The resulting algorithm is as much distributed as the classical one when
applied to the abstract net of B. In fact all the useful relations are defined
by just looking at the history of the elements in the premises, which, under the
atomicity assumption reduce to the stable preset of the abstract step. To improve
efficiency, the sets $ZProd(e)$, $ZCons(e)$, $SProd(e)$ and $SCons(e)$ could be
also encoded in $e$ more directly, although they can be easily calculated from the
history component. The main result can be formulated as the following theorem.

Theorem 7. $\mathcal{S}(B, u) = \{v \mid u \Rightarrow_B v\}$.

Since the unfolding encodes the proof of the transaction step (via the history 
components), it is possible to use the same scheme for computing the abstract 
net (whatever philosophy is preferred). However, for doing this efficiently, we 
must be able to recognize isomorphic processes. For example, note that given 
a certain computed process, any renaming of the stable tokens in the initial 
marking (i.e., any permutation of tokens in the same place) yields a different 
but isomorphic process that is also calculated during the unfolding. To solve 
this problem, we can either try to avoid having several isomorphic processes in 
the unfolding by some clever construction, or check at commit-time if the freshly 
computed transaction is isomorphic to some transaction already computed. 

Since a ZS net B can contain cycles that produce an unbounded number of
zero tokens, the unfolding can become infinite. So an important question
concerns the decidability of $\mathcal{S}(B, u)$. In a private communication to the authors m,
Nadia Busi proved that such set is indeed decidable. Roughly speaking the idea
is to simulate the behaviors of B by a pt net with exactly one inhibitor arc*,
for which the reachability problem has been solved in . The set $\mathcal{S}(B, u)$ is
recursively enumerated by the inference system, and if it is infinite we cannot
do any improvement. But when $\mathcal{S}(B, u)$ is finite, it would be desirable to find
some condition for halting the execution of the algorithm, that otherwise could
continue computing transaction segments that cannot be completed. Finding
some general condition for halting the unfolding of ZS nets is an open problem that
we leave for future investigations.
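
The commit discipline of Section 4.2, run on a net shaped like the channel construction of Section 3, as an added example that is not from the original text. It is a bounded interleaving search, not the unfolding itself: it withholds the stable tokens produced inside a transaction and commits only when no zero token is pending. The nets SYNC, OPEN and COPY, all function names and the `max_firings` bound are constructed for illustration; SYNC is hand-built from the description for (a.nil | ā.nil)\a.

```python
from collections import Counter, deque

def tr(pre_s="", pre_z="", post_s="", post_z=""):
    """A ZS transition as four multisets: stable/zero preset, stable/zero postset.
    Each argument is a space-separated list of place names (repeats allowed)."""
    return tuple(Counter(x.split()) for x in (pre_s, pre_z, post_s, post_z))

def key(marking):
    """Canonical hashable form of a multiset (a Counter or an 'a a b' string)."""
    if isinstance(marking, str):
        marking = Counter(marking.split())
    return tuple(sorted((p, n) for p, n in marking.items() if n > 0))

def covers(marking, need):
    return all(marking[p] >= n for p, n in need.items())

def transaction_steps(net, u, max_firings):
    """Stable markings reachable from the stable marking u by one transaction
    step that uses at most max_firings firings. The bound is needed because a
    cycle on zero places can keep producing zero tokens forever."""
    start = (key(u), (), ())      # (usable stable, pending zero, withheld stable)
    seen, todo, result = {start}, deque([(start, 0)]), set()
    while todo:
        (avail_k, zero_k, held_k), fired = todo.popleft()
        avail, zero, held = (Counter(dict(k)) for k in (avail_k, zero_k, held_k))
        if not zero:
            # Commit: every zero token produced so far has been consumed, so the
            # withheld stable tokens are released together with the idle ones.
            result.add(key(avail + held))
        if fired == max_firings:
            continue
        for pre_s, pre_z, post_s, post_z in net.values():
            # Stable tokens may come only from u; zero tokens only from the run.
            if covers(avail, pre_s) and covers(zero, pre_z):
                nxt = (key(avail - pre_s),
                       key(zero - pre_z + post_z),
                       key(held + post_s))
                if nxt not in seen:
                    seen.add(nxt)
                    todo.append((nxt, fired + 1))
    return result

# Constructed nets. In SYNC each prefix moves a stable token and emits a zero
# token on a? or a!; the restriction leaves syn_a as the only consumer.
SYNC = {
    "t1": tr(pre_s="p1", post_s="n1", post_z="a?"),
    "t2": tr(pre_s="p2", post_s="n2", post_z="a!"),
    "syn_a": tr(pre_z="a? a!"),
}
# The same agent without the restriction: in_a and out_a consume the zero
# tokens separately, so each prefix can also move on its own.
OPEN = dict(SYNC, in_a=tr(pre_z="a?"), out_a=tr(pre_z="a!"))
# A cycle on a zero place: copy can repeat, so the full result set is infinite.
COPY = {
    "open": tr(pre_s="a", post_z="z"),
    "copy": tr(pre_z="z", post_z="z z"),
    "recv": tr(pre_z="z", post_s="b"),
}

if __name__ == "__main__":
    for name, net, u in (("SYNC", SYNC, "p1 p2"), ("OPEN", OPEN, "p1 p2"),
                         ("COPY", COPY, "a")):
        print(name, sorted(transaction_steps(net, u, max_firings=6)))
```

The search revisits interleavings that the unfolding would represent once, and on COPY raising `max_firings` keeps adding markings, which is the halting problem the paragraph above leaves open.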



5 Zero-Safe Nets and Read Arcs 

We now show how to extend the zero-safe net paradigm with read arcs, in the
style of contextual nets m-. The idea is to model transitions that can read
certain tokens without consuming them, so that multiple readings on the same
token can take place concurrently (using ordinary pt nets, the naive way of
modeling readings via self-loops† is not appropriate because the accesses to read
tokens are sequentialized).

* Nets with inhibitor arcs, also called nets with negative arcs, have been introduced in m
for modeling systems where the presence of certain resources can inhibit the firing
of some transitions. We recall that the reachability problem is undecidable for the
class of nets with two or more inhibitor arcs.

† Given a net N, a self-loop consists of two arcs $(a, t), (t, a) \in F_N$ for a place $a \in S_N$
and a transition $t \in T_N$.

5.1 Contextual Nets

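Table 13. The inference rules for $\_ \Rightarrow_N \_$.

identities:

$$\frac{u \in S^{\oplus}}{u \stackrel{u}{\Rightarrow}_N u}$$

generators:

$$\frac{t\colon u \xrightarrow{w} v \in T}{u \oplus \lfloor w \rfloor \stackrel{\lfloor w \rfloor}{\Rightarrow}_N v \oplus \lfloor w \rfloor}$$

parallel composition:

$$\frac{u_1 \oplus w \stackrel{w_1 \oplus w}{\Rightarrow}_N v_1 \oplus w, \quad u_2 \oplus w \stackrel{w_2 \oplus w}{\Rightarrow}_N v_2 \oplus w}{u_1 \oplus u_2 \oplus w \stackrel{w_1 \oplus w_2 \oplus w}{\Rightarrow}_N v_1 \oplus v_2 \oplus w}$$

Definition 32. A marked contextual net (c-net) is a tuple $N = (S, T, F, C, u_{in})$,
where $(S, T, F, u_{in})$ is the underlying pt net and $C\colon S \times T \to \mathbb{N}$ the
context relation.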

We denote by $ctx(t)$ the multiset of places defined by $ctx(t)(a) = C(a, t)$
for all $a \in S$ and by $\lfloor u \rfloor$ the underlying set of places of a multiset $u$ (i.e.,
$\lfloor u \rfloor = \{a \mid u(a) > 0\}$). Informally, the minimum amount of resources that a
transition $t$ requires to be enabled is $pre(t) \oplus \lfloor ctx(t) \rfloor$: The tokens in $pre(t)$ are
fetched, while those in $\lfloor ctx(t) \rfloor$ are just read, and other transitions can access
them, concurrently with $t$. The minimum requirement involves $\lfloor ctx(t) \rfloor$ and not
$ctx(t)$ because the same token can be read more than once. However, $t$ can also
read different tokens from the same place, up to the maximum established by
$ctx(t)$. For $t \in T$ with $pre(t) = u$, $post(t) = v$ and $ctx(t) = w$, we write $t\colon u \xrightarrow{w} v$.
In the following, we shall overload the symbol $\subseteq$ to denote multiset inclusion.

Definition 33. Let $u$ and $v$ be markings of a c-net N and let $X$ be a finite
multiset of transitions of N. We say that $X$ is enabled at $u$ if
$\bigcup_{t \in \lfloor X \rfloor} \lfloor ctx(t) \rfloor \oplus \bigoplus_{t \in T} X(t) \cdot pre(t) \subseteq u$.
Moreover, we say that $u$ evolves to $v$ via $X$, written
$u\,[X\rangle\,v$, if $X$ is enabled at $u$ and $u\,[X\rangle\,v$ is a step of the underlying pt net.

Note that if $u$ has enough tokens to satisfy also the ‘context’ of $X$, then $v$ is
obtained from $u$ by removing $\bigoplus_{t \in T} X(t) \cdot pre(t)$ and then adding
$\bigoplus_{t \in T} X(t) \cdot post(t)$. The step relation can be equivalently defined by the inference rules in
Table 13 that carry also information about the context used in the step. The
meaning of $u \stackrel{w}{\Rightarrow}_N v$ is that from the marking $u$ there is a step that leads to
$v$ reading $w$; note that there must exist two markings $u_1$ and $v_1$ such that
$u = u_1 \oplus w$ and $v = v_1 \oplus w$. Idle tokens are seen as part of the context of a step.
Transitions yield basic steps, where only the minimal context is required. When
building larger steps, any part of the contexts of the two substeps can be shared.

For example, from $w \stackrel{w}{\Rightarrow}_N w$ and from the step
$u \oplus \lfloor w \rfloor \stackrel{\lfloor w \rfloor}{\Rightarrow}_N v \oplus \lfloor w \rfloor$ associated
to $t\colon u \xrightarrow{w} v$, we obtain $u \oplus w \stackrel{w}{\Rightarrow}_N v \oplus w$, because $\lfloor w \rfloor \subseteq w$, and therefore $\lfloor w \rfloor$
can be shared.
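
Why read arcs differ from self-loops, as an added example that is not from the original text. It assumes that the enabling condition of Definition 33 means a step needs every token it consumes plus one token for each place it reads; the net READERS and all function names are constructed for illustration.

```python
from collections import Counter

def tr(pre="", post="", ctx=""):
    """A c-net transition: consumed, produced and read places (space-separated)."""
    return Counter(pre.split()), Counter(post.split()), Counter(ctx.split())

def requirement(net, step):
    """Tokens a multiset of transitions needs at once: everything it consumes,
    plus ONE token for each place read by some transition of the step."""
    need, read = Counter(), set()
    for name, times in step.items():
        pre, _post, ctx = net[name]
        for place, n in pre.items():
            need[place] += n * times
        read |= set(ctx)
    return need + Counter(read)

def fire(net, u, step):
    """Marking reached by firing `step` at u in one step, or None if the step
    is not enabled. u and step are space-separated strings."""
    u, step = Counter(u.split()), Counter(step.split())
    need = requirement(net, step)
    if any(u[p] < n for p, n in need.items()):
        return None
    for name, times in step.items():
        pre, post, _ctx = net[name]
        for _ in range(times):
            u = u - pre + post        # read tokens are never removed
    return u

def self_loop_encoding(net):
    """Ordinary-net encoding: every read arc becomes a consume-and-put-back pair."""
    return {name: (pre + Counter(set(ctx)), post + Counter(set(ctx)), Counter())
            for name, (pre, post, ctx) in net.items()}

# Constructed net: two transitions that both read the single token in place c.
READERS = {
    "r1": tr(pre="a1", post="b1", ctx="c"),
    "r2": tr(pre="a2", post="b2", ctx="c"),
}
LOOPS = self_loop_encoding(READERS)

if __name__ == "__main__":
    print("read arcs, step {r1, r2}:", fire(READERS, "a1 a2 c", "r1 r2"))
    print("self-loops, step {r1, r2}:", fire(LOOPS, "a1 a2 c", "r1 r2"))
    print("self-loops, r1 alone:", fire(LOOPS, "a1 a2 c", "r1"))
```

With read arcs both transitions fire in one step on a single token in `c`; with self-loops the same step would need two tokens in `c`, so the two readings can only happen one after the other.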

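For sequential composition of steps we have several alternatives: (1) to forget
about all the information on context; (2) to arbitrarily forget about part of the
context; (3) to define the context of the composed sequence in a canonical way.

The three cases are illustrated in Table 14, where $u \cap v$ denotes the multiset
of places such that $(u \cap v)(a) = \min(u(a), v(a))$, for all $a \in S$. In particular, the
third set of rules keeps track of the maximal possible context of a sequence. The
three definitions lead to the same set of reachable markings. Though (2) and (3)
are similar, in principle the former is more appropriate for the ITph (because
the shared context is not necessarily the maximal one), while the latter can deal
well with the CTph (cf. the ‘maximum sharing hypothesis’ of CHiini).

Table 14. Three sets of inference rules for $\_ \Rightarrow_N^{*} \_$.

(1) basic step:
$$\frac{u \stackrel{w}{\Rightarrow}_N v}{u \Rightarrow_N^{*} v}$$
sequential composition:
$$\frac{u \Rightarrow_N^{*} v, \quad v \Rightarrow_N^{*} v'}{u \Rightarrow_N^{*} v'}$$

(2) basic step:
$$\frac{u \stackrel{w_1 \oplus w}{\Rightarrow}_N v}{u \stackrel{w}{\Rightarrow}{}_N^{*} v}$$
sequential composition:
$$\frac{u \stackrel{w}{\Rightarrow}{}_N^{*} v, \quad v \stackrel{w}{\Rightarrow}{}_N^{*} v'}{u \stackrel{w}{\Rightarrow}{}_N^{*} v'}$$

(3) basic step:
$$\frac{u \stackrel{w}{\Rightarrow}_N v}{u \stackrel{w}{\Rightarrow}{}_N^{*} v}$$
sequential composition:
$$\frac{u_1 \stackrel{w_1}{\Rightarrow}{}_N^{*} v_1, \quad v_1 \stackrel{w_2}{\Rightarrow}{}_N^{*} v_2, \quad w = w_1 \cap w_2}{u_1 \stackrel{w}{\Rightarrow}{}_N^{*} v_2}$$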

In a way analogous to pt nets, step sequences for c-nets can be considered 
up to diamond transformation, originating commutative contextual processes. 
Instead, for accommodating causal dependencies, (causal) contextual processes 
are introduced. 

Definition 34. A deterministic occurrence c-net is a finite, acyclic (w.r.t. the 
preorder in which t precedes t' if either $post(t) \cap (pre(t') \cup ctx(t')) \neq \emptyset$ or 
$ctx(t) \cap pre(t') \neq \emptyset$) c-net O such that: (1) for all $t \in T$, pre(t) and post(t) are sets (not 
multisets) and (2) for all $t_0 \neq t_1 \in T$, $pre(t_0) \cap pre(t_1) = post(t_0) \cap post(t_1) = \emptyset$. 

The dependencies between events in an occurrence c-net can be of two 
kinds: ‘causal’ and ‘temporal.’ When $post(t) \cap (pre(t') \cup ctx(t')) \neq \emptyset$, then t 
causes t', because t produces a token that is necessary for enabling t'. When 
$ctx(t) \cap pre(t') \neq \emptyset$, then t cannot happen after t', because t' consumes (part 
of) the context needed by t and since we are describing a deterministic 
computation where both t and t' must fire, we have that t temporally precedes t'. 
In [I4l,3j it is shown that these two notions are precisely characterized by a causal 
dependency relation < and a relation $\nearrow$ called asymmetric conflict. The former 
is the transitive closure of the relation $\prec$ defined by: (i) if $s \in pre(t)$, then $s \prec t$; 
(ii) if $s \in post(t)$, then $t \prec s$; and (iii) if $post(t) \cap ctx(t') \neq \emptyset$, then $t \prec t'$. 
The asymmetric conflict relation is the union of the causal dependency relation 
together with the strict asymmetric conflict relation defined by letting t t' 
if $ctx(t) \cap pre(t') \neq \emptyset$ or $t \neq t' \wedge pre(t) \cap pre(t') \neq \emptyset$. The conflict relation # 
is then induced by $\nearrow$ and $\leq$ (the reflexive closure of <) via the rules below: 

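$$
\dfrac{t_0 \nearrow t_1 \nearrow \cdots \nearrow t_n \nearrow t_0}{\#\{t_0, t_1, \ldots, t_n\}}
\qquad
\dfrac{\#(A \cup \{t\}) \quad t \leq t'}{\#(A \cup \{t'\})}
$$

where A is a finite set of transitions. 

Table 15. The two common inference rules for $\Longrightarrow_B$ 

$$
\begin{array}{c|c}
\text{underlying} & \text{commit} \\ \hline
\dfrac{u \oplus x \stackrel{w \oplus z}{\Longrightarrow}_{N_B} v \oplus y, \quad u,v,w \in L^{\oplus}, \quad x,y,z \in Z^{\oplus}}{(u,x) \stackrel{w}{\Longrightarrow}_B (v,y)} &
\dfrac{(u,\emptyset) \stackrel{w}{\Longrightarrow}_B (v,\emptyset)}{u \stackrel{w}{\Longrightarrow}_B v}
\end{array}
$$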

Note that # relates finite sets of transitions and not just pairs of transitions. 
However, when read arcs are not present, then # is just the closure under set 
union of the ordinary binary conflict relation of PT nets. It follows that for each 
deterministic occurrence c-net O the relation $\nearrow_O$ is acyclic and thus the net is 
conflict free. The last relation we shall introduce regards place concurrency. A 
set U of places is called concurrent, written co(U), if: (1) for any $a, a' \in U$, 
it is not the case that a < a'; and (2) is acyclic when restricted to the set 
it (U) = UaGif lt (®)> where ff (a:) = {t G T | t < a:} is the set of ancestors of x. 

Definition 35. A contextual process (c-process) P for a c-net N consists of a 
deterministic occurrence c-net O together with a pair of functions $f_P\colon T_O \to T_N$ 
and $g_P\colon S_O \to S_N$ that respect sources, targets and contexts of transitions. 



5.2 Zero-Safe Contextual Nets 

We now merge the features of ZS nets with that of c-nets, by allowing the com- 
bined use of zero places and read arcs in our models. 

Definition 36 (zs c-net). A zs c-net is a tuple $B = (S, T, F, C, Z, u_{in})$ such 
that $N_B = (S, T, F, C, u_{in})$ is a c-net and $(S, T, F, Z, u_{in})$ is a ZS net. 

Note that zero places can be used as context, because $Z \subseteq S$. In defining the 
dynamics of zs c-nets, we can follow two main alternatives. The crucial point is 
whether to forbid or not that a stable token is read (possibly many times) and 
then also fetched during the same transaction. While the rules underlying and 
commit are identical for both alternatives (see Table 15), the difference between 
the two is expressed by the rule for sequential composition. For simplicity, on 
zero tokens we consider the step relation that forgets about the information on 
contexts, as it is equivalent to the other possible choices from the ‘reachability’ 
point of view. 

In order to allow consumption of previously read stable tokens in the same 
transaction, we need the complex rule below: 

$$
(\varphi) \quad
\dfrac{(u_1 \oplus w_1 \oplus w, x) \stackrel{w_1 \oplus w}{\Longrightarrow}_B (v_1 \oplus w_1 \oplus w, y), \quad (u_2 \oplus w_1 \oplus w, y) \stackrel{w}{\Longrightarrow}_B (v_2 \oplus w, y')}{(u_1 \oplus u_2 \oplus w_1 \oplus w, x) \stackrel{w}{\Longrightarrow}_B (v_1 \oplus v_2 \oplus w, y')}
$$

The idea is that the second step can consume the tokens in $w_1$ that the first 
step reads. The context w is instead shared between the two steps. 

For not allowing consumption of previously read stable tokens in the same 
transaction, it suffices to introduce the simpler rule 

$$
(\psi) \quad
\dfrac{(u_1 \oplus w, x) \stackrel{w}{\Longrightarrow}_B (v_1 \oplus w, y), \quad (u_2 \oplus w, y) \stackrel{w}{\Longrightarrow}_B (v_2 \oplus w, y')}{(u_1 \oplus u_2 \oplus w, x) \stackrel{w}{\Longrightarrow}_B (v_1 \oplus v_2 \oplus w, y')}
$$

The rule sequentializes on zero tokens, while composing in parallel on stable 
tokens (sharing the whole context w of the two substeps). We recall that w 
can contain idle tokens, and therefore, given any two steps 
$(u_1,x) \stackrel{w_1 \oplus w}{\Longrightarrow}_B (v_1,y)$ 
and $(u_2,y) \stackrel{w_2 \oplus w}{\Longrightarrow}_B (v_2,y')$ we can always ‘complement’ such steps with markings 
$w_2$ and $w_1$ respectively, to obtain 
$(u_1 \oplus w_2, x) \stackrel{w_1 \oplus w_2 \oplus w}{\Longrightarrow}_B (v_1 \oplus w_2, y)$ and 
$(u_2 \oplus w_1, y) \stackrel{w_1 \oplus w_2 \oplus w}{\Longrightarrow}_B (v_2 \oplus w_1, y')$, 
so that the rule for horizontal composition can be applied. 

To distinguish between the two interpretations, we write either 
$u \stackrel{w}{\Longrightarrow}_{B,\varphi} v$ or $u \stackrel{w}{\Longrightarrow}_{B,\psi} v$, 
depending on which rule among $\varphi$ and $\psi$ is considered. Of course 
$u \stackrel{w}{\Longrightarrow}_{B,\psi} v$ implies $u \stackrel{w}{\Longrightarrow}_{B,\varphi} v$ but not vice versa. 

Though the operational and abstract semantics can be defined either accord- 
ing to the CTph or to the ITph, we prefer to follow the latter interpretation only: 
in this way it is possible to distinguish the places that are used as context during 
the transaction and the abstract counterpart is still a c-net, whereas the CTph 
might introduce some confusion. 

For the ITph the transactions correspond to full and connected deterministic 
c-processes of the underlying c-net such that the origins and destinations are 
stable and the evolution places are zero places. Thus, the context of a transaction 
is the set of places that are both minimal and maximal (transactions do not 
contain isolated places but can contain places that are simply read) . The abstract 
net associated to a zs c-net B is a c-net that has the stable places of B as places, 
the transactions of B as transitions with preset, postset and context defined in 
the obvious way (if we allow to first read and then consume a stable token in 
the same transaction, then the token is put in the preset of the corresponding 
abstract transition, not in the context). 

Example 11 (Multicasting revisited). To illustrate the use of read arcs in the zero- 
safe framework, we show an improved specification of the multicasting system. 
Let us consider the ZS c-net CMS in Figure 17 (as usual, read arcs are depicted 
as undirected lines). The idea is that copying can be avoided, as all receivers 
can simply ‘read’ the same copy. Thus, a firing of $t_1$ opens the session producing 
the message in the buffer z, then many receivers can concurrently read the 
information by firing $t_3$ and then the session is closed by a firing of $t_2$ that 
removes the message from the buffer. Of course, many multicasting sessions can 
take place concurrently. At the abstract level the system is then represented 
by the c-net in Figure 18. Though this time also the empty transmission ri 
is possible, the analogy with the abstract net Ams of the multicasting system 
presented in Section 0 is evident (ji represents the one-to-(i − 1) transmission). 

Fig. 17. The zs c-net CMS for multicasting ($t_0$ = new, $t_1$ = open, $t_2$ = close, $t_3$ = read, $t_4$ = reset). 

Fig. 18. The abstract c-net for the multicasting system CMS. 



5.3 A Distributed Contextual Interpreter 

We conclude by showing that the interpreter of Section 0 can be modified to 
deal with contexts by considering the unfolding of ZS nets proposed in 0 . As a 
matter of notation, we write $t\colon (u,x) \xrightarrow{(v,y)} (u',x')$ for a transition t with preset 
$u \oplus x$, context $v \oplus y$ and postset $u' \oplus x'$, with $u, v, u' \in (S \setminus Z)^{\oplus}$ and $x, y, x' \in Z^{\oplus}$. 
The rules for dealing with the case where stable tokens can be first read and then 
also consumed in the same transaction are illustrated in Table 16. Note that, to 
store the context accessed, events are encoded as triples rather than as couples. 

The main differences w.r.t. the interpreter of Section^ concern the firing rule 
and the commit rule. In fact, here the execution of a transition has to keep track 
of the context, differentiating it from the fetched tokens. For this purpose, we 
have supplied the set $\Phi$. Note that we do not record multiplicities of readings, 
as they are not important to establish the correctness of a transaction; hence we 
just check that the context contains enough tokens (more than $\lfloor v \oplus y \rfloor$), but less 
than the maximum allowed ($v \oplus y$). However, if one is interested in computing the 
associated processes, then also multiplicities should be considered: They should 
be assigned to the s' so as to exactly match $v \oplus y$. Of course, for the transition to 

Table 16. The unfolding U(B) with commit according to ($\varphi$). 

u{a) = n, 1 < k < n 
(a, k, 0) e 5w(b) 



t: {u, x) (w, 0j*£j e o ^ {{s^, ki,Hi) I * e /} c Su(B), ^ ^ I * e ^ Su(b), 

co(0 U <P), O n <P — 0, u ® X — Si, L"^ © 2 /J C 0^gj/ s' C i; 0 y 

e — (t, 0, G 7w(b)> ^ {^}) I j G J, 1 < pre(e) — 0, post(e) — T, ctx(e) — ^ 



r C /’’-fi-(T’) is acyclic, <r= -0, ZProd(i~') = ZCons{r’) 

u G R^(B, li) tx © SCons(i~') 0 SProd(P) G R,^(B, ix) 



fire, both the context and the preset must be concurrently available and disjoint. 
When the premises are satisfied, then the event e and the zero places in T are 
inserted in the unfolding. For the commit, we cannot just assume that transitions 
in $\Gamma$ are concurrent, as the following example demonstrates. 

Example 12. Let us consider the zs c-net in Figure 19 (reminiscent of CMS in 
Figure 17). There are two admissible transactions: The first is given by a firing 
of $t_1$ followed by a firing of $t_2$ that consumes the token produced in z by $t_1$. The 
second consists of a firing of G, followed by a firing of G that reads the token in 
z, and then by a firing of $t_2$. The unfolding progressively introduces the following 
tokens and events: 

- $s_1 = (a, 1, \emptyset)$, $s_2 = (a, 2, \emptyset)$; 

- $e_1 = (G, \{s_1\}, \emptyset)$, $z_1 = (z, 1, \{e_1\})$; 

- $e_2 = (G, \{s_2\}, \emptyset)$, $z_2 = (z, 1, \{e_2\})$; 

- $e_3 = (G, \{s_1\}, \{z_2\})$ and $e_4 = (G, \{s_2\}, \{z_1\})$ (note that, e.g., $(G, \{s_1\}, \{z_1\})$ 
cannot be introduced because $s_1 < z_1$); 

- $e_5 = (G, \{z_1\}, \emptyset)$ and $e_6 = (G, \{z_2\}, \emptyset)$. 

If we require that the commit is given by concurrent transitions only, then the 
only admissible $\Gamma$ are $\{e_5\}$, $\{e_6\}$ and $\{e_5, e_6\}$. From these sets we cannot derive 
any information about the occurrence of $e_3$ and $e_4$. However, there are asymmetric 
conflicts between $e_3$ and $e_5$ and between $e_4$ and $e_5$, and therefore these events 
are not completely unrelated. So the question is, e.g., ‘how can we distinguish 
between the deterministic c-process that involves $e_1$ and $e_5$ only from the one that 
involves also $e_4$?’ Our answer amounts to take $\Gamma$ as consisting of ‘compatible’ 
(but not necessarily concurrent) events that are not causally dependent. This 
is expressed by requiring the asymmetric conflict relation to be acyclic (when 
restricted to the ancestors of events in $\Gamma$) and the intersection between < and 
$\Gamma \times \Gamma$ to be empty. Under these assumptions, the commit can happen under 
any of the following $\Gamma$: $\Gamma_1 = \{e_5\}$, $\Gamma_2 = \{e_6\}$, $\Gamma_3 = \{e_3, e_5\}$, $\Gamma_4 = \{e_4, e_5\}$, and 
$\Gamma_5 = \{e_5, e_5\}$. 

Since stable contexts are left unchanged by the transaction, then the 
marking inserted after the commit just computes the tokens consumed and those 

Fig. 19. 

Table 17. The commit of the unfolding according to ($\psi$). 

r C Ti4{b)i acyclic, <r~ ZProd(P) = ZCons(P), Spre(P) D Sctx(P) = 0 

u € R-t/, (B, It) © SCons(R) © SProd(P) € R-0 (B, li) 



produced. Note that all conditions can be verified ‘locally’, just by looking at 
the encoded history of the chosen premises ($\Theta$ and $\Phi$ for the firing rule and $\Gamma$ for 
the commit rule). It might happen that a stable token is first read and also 
consumed before the end of the transaction; this makes clear the difference between 
read arcs and self-loops, as in the second case the stable token cannot be reused 
in the same transaction. It can be verified that the set computed in 
this way is exactly the set of markings that are reachable in one step from u. 

W 

Theorem 8. = {u | u ^}- 

The obvious alternative is to forbid stable tokens to be read and consumed 
in the same transaction, according to the rule ($\psi$). In this case, the rules for 
computing must be changed as shown in Table 17, where Spre(_) and 
Sctx(_) are the pointwise extensions of the functions: 

Spre(e) e 0 | a G Lb}, 

Sctx(e) k,H) €<P\a€ Lb}. 

Note that Spre(_) and Sctx(_) return sets of stable places in the unfolding, and 
we have SCons(e) = ©^,,fe,^)gspre(e) 



W 

Theorem 9. ^^(B,u) = {u | u ^b,v> ^}- 

Since both interpreters are based on the same unfolding net U(B), it is evident 
from the two different commit rules that $R_\psi(B,u) \subseteq R_\varphi(B,u)$, as $R_\psi(B,u)$ has 
an additional premise. 

Fig. 20. Operational and abstract semantics of zero-safe nets. 



Conclusions 

We have proposed the framework of zero-safe nets as a basis for modeling and 
implementing distributed transactions. In fact, zs nets can provide both the 
refined view of the systems where actions have finer grain and an abstract view 
where transactions are seen just as transitions of an ordinary pt net. Working at 
the level of zs nets allows one to keep smaller the size of the system description 
(for example the abstract net can have an infinite number of transitions also 
when the refined net is finite). 

After surveying the operational and abstract semantics of the framework, 
we have shown how to encode many features of concurrent systems, as e.g. 
distributed choice, in a compositional manner and how to combine zero places 
with read arcs. It is worth remarking that the construction of transactions can 
be defined, in the language of category theory, as an adjunction, i.e., it is a 
free construction and thus preserves several net composition operations (defined 
as colimits in the category of zs nets). The construction of the abstract net 
defines a coreflection, whose universal properties confirm that it is the optimal 
such construction. These constructions can be pursued according to either the 
CTph or the ITph. The two approaches yield the same step relation but different 
abstract nets. The categorical semantics (summarized by the four adjunctions in 
Figure 20) recovers the operational and abstract semantics of ZS nets, introducing 
an algebraic characterization of the whole framework. 

We have also illustrated a distributed interpreter for computing on (ordinary 
and contextual) ZS nets. We want to remark that the resulting implementation 
does not violate the locality assumptions, since it is completely analogous to 
the widely accepted implementation for pt nets. This interpreter satisfactorily 
answers the questions formulated at the beginning of Section 0. Backtracking is 
not necessary, correctness is given by Theorem 7 and completeness is ensured 
by our inference system. We are confident that formal halting criteria can be 
found for expressive classes of zs nets. 

As future work, we plan to extend the concept of ‘zero place’ to other net 
flavours, as e.g., coloured and timed nets, nets with inhibitor arcs, and probabilis- 
tic nets. In fact we conjecture that our basic mechanism for expressing ‘transition 
synchronization’ can be helpful also in these richer models for a compositional 
modeling of systems and for describing execution protocols. Another ongoing 
line of research concerns the study of hierarchical zs nets, where one can have 
different levels of abstraction. Finally, it would be interesting to apply contextual 
ZS nets to the modeling and study of serializability in transaction systems, in a 
way which is somehow analogous to the research conducted in PETI . 

Abstract. We show that the so-called ‘Petri nets are monoids’ approach 
initiated by Meseguer and Montanari can be extended from ordinary 
place/transition Petri nets to contextual nets by considering suitable 
non-free monoids of places. The algebraic characterizations of net concurrent 
computations we provide cover both the collective and the individual 
token philosophy, uniformly along the two interpretations, and coincide 
with the classical proposals for place/transition Petri nets in the absence 
of read-arcs. 



Introduction 



The basic features common to any ‘flavour’ of Petri net essentially are that 
states are (multi)sets of distributed, abstract resources, and that actions only 
involve the coordination of local parts of the state, as they can consume some of 
the resources available and release fresh resources. Accordingly, a computation 
can be described abstractly as a partial order of events in which any two events 
are either causally dependent - when one could not have been executed without 
a resource provided by the other - or concurrent - when they could have hap- 
pened in any order, because they affect independent subsystems. These features 
make net models suitable for representing in a satisfactory way concurrent and 
distributed systems in many interdisciplinary applications. 

Meseguer and Montanari in [2,'III4I | (and successively in j 121 1 .'Ii;! I i;i2ltil 1 4^ sev- 
eral authors) have recasted these facts in algebraic terms to unveil properties of 
net computations and, especially, of the intrinsic concurrency of the net model. 
The underlying idea of the so-called ‘Petri nets are monoids’ approach is to lift 
the algebraic structure of states to the level of computations, so that the dis- 
tribution of the resources is reflected on the performed actions, analogously to 
what happens in rewriting logic \'Z IWZ'Z\ . in structured transition systems jl I j and 
in tile logic. In the case of ordinary place/transition Petri nets (pt nets), 
states are multisets of places, or equivalently, elements of the free commutative 
monoid over the set of places. Moreover, a computation can be obviously 
composed with any computation that originates from the same state in which the 
first ends, yielding a computation that is the concatenation of the two. Hence, 
computations possess by nature an intrinsic (partial) operation of ‘sequential’ 
composition that gives rise to a category - arrows are computations, identities 
representing unused tokens. Lifting the monoidal structure of states to the 
category of computations results in a monoidal category of computations, where the 
functoriality law of the monoidal tensor product expresses a basic fact about the 
true concurrency of the model. Namely, that in any computation the relative 
order in which two concurrent actions are executed is always immaterial. In fact, 
if $\alpha_1$ and $\alpha_2$ are computations such that $\alpha_i$, for i = 1,2, originates in $u_i$ and 
leads to $v_i$ (written $\alpha_i\colon u_i \to v_i$), then 

$$(\alpha_1 \oplus id_{u_2}); (id_{v_1} \oplus \alpha_2) = \alpha_1 \oplus \alpha_2 = (id_{u_1} \oplus \alpha_2); (\alpha_1 \oplus id_{v_2}),$$

where $\oplus$ is the tensor product (modeling concurrent composition of 
computations) originated from multiset union on states, _;_ is the operation of sequential 
composition, and the $id_{u_i}$, $id_{v_i}$ are idle components of computations, with e.g., 
$id_{u_1}; \alpha_1 = \alpha_1 = \alpha_1; id_{v_1}$. 

The extensive use of pt nets has given rise to different schools of thought con- 
cerning their semantic interpretation. In particular, the main distinction is drawn 
between collective and individual token philosophies (see e.g. 1 1 8j 1. According to 
the collective token philosophy (CTph), one is not interested in distinguishing 
among different tokens in the same place (i.e., among instances of the same re- 
source), because all such tokens are operationally equivalent. However, tokens 
may have different origins and histories, carrying different causality information 
and hence consuming one instance rather than another, can make the difference 
from being causally dependent or not on some previous event. The point of view 
of the individual token philosophy (ITph) is that these causal dependencies may 
well form an essential information that should not be discarded when, e.g., flow 
analysis is concerned. Of course, causal dependencies may influence the degree 
of concurrency in abstract computations, and therefore CTph and ITph lead to 
quite different concurrent semantics. 

For ordinary pt nets the algebraic approach has been pursued under both 
philosophies, characterizing different kinds of net processes, ranging from Best 
and Devillers commutative processes 0 (that support the CTph) to concaten- 
able processes pi , 41 ,'-! I \ and strongly concatenable processes |22j (that support the 
ITph). Note that the ITph relies on a tensor product which can be commutative 
only up to a monoidal natural isomorphism. Therefore, the algebraic approach 
requires some special mechanism in order to accommodate the lifting of the 
(commutative) monoidal structure of states. It is worth mentioning that the al- 
gebraic approach under the ITph is completely straightforward for the recent 
proposal of pre-nets |S| whose states are based on strings rather than multisets. 
From this point of view, the approach initiated by Meseguer and Montanari is 
completely general and can be applied to more general net models where, e.g., 
tokens are some kind of more complex data Plibj . 

Fig. 1. 

Several extensions of the basic pt net paradigm have been considered in the 
literature that either increase the expressive power or give a better 
representation of existing phenomena. This paper focuses on extending the ‘Petri nets 
are monoids’ approach to contextual nets, also known as nets with read-arcs, or 
condition-arcs, or test-arcs. The motivating idea behind ‘read-arcs’ 
is that of reading resources without consuming them, thus providing a way of 
modeling multiple concurrent accesses to the same resource. Using ordinary pt 
nets such readings must be rendered as self-loops, and this imposes an unwanted 
sequentialization of concurrent readings. On the contrary, with contextual nets, 
besides pre and post-sets, transitions also have ‘contexts’, that is resources that 
are necessary for the enabling but are not affected by the firing. Contextual 
nets have found applications e.g., to transaction serializability in databases m, 
concurrent constraint programming PEI, and asynchronous systems m. 
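
The contrast drawn above between read arcs and self-loops can be checked against the enabling condition of Definition 33 from the preceding chapter. The following Python sketch is an added example, not code from the book: the net (places a1, a2, b1, b2, z and transitions r1, r2, close) is constructed for illustration, and it assumes that $\lfloor ctx(t) \rfloor$ is the support of ctx(t) and that the contexts of the transitions in a step are combined by union.

```python
from collections import Counter
from dataclasses import dataclass, field


@dataclass
class Transition:
    pre: Counter                                   # tokens consumed
    post: Counter                                  # tokens produced
    ctx: Counter = field(default_factory=Counter)  # tokens read via read arcs


def demand(net, step):
    """Tokens a step needs: each preset times its multiplicity in the step,
    plus ONE token per place read by some transition of the step
    (assumption: contexts are shared, so the support is enough)."""
    need = Counter()
    read_places = set()
    for name, times in step.items():
        t = net[name]
        for place, k in t.pre.items():
            need[place] += times * k
        read_places.update(p for p, k in t.ctx.items() if k > 0)
    for place in read_places:
        need[place] += 1
    return need


def enabled(net, marking, step):
    """True when the marking covers the demand of the step."""
    return all(marking[p] >= k for p, k in demand(net, step).items())


def fire(net, marking, step):
    """Marking reached by the step, or None when the step is not enabled.
    Context tokens are left untouched: only pre and post change the marking."""
    if not enabled(net, marking, step):
        return None
    result = Counter(marking)
    for name, times in step.items():
        t = net[name]
        for place, k in t.pre.items():
            result[place] -= times * k
        for place, k in t.post.items():
            result[place] += times * k
    return +result  # drop places that ended up empty


def reader(i, with_read_arc):
    """Constructed reader: moves a token from a_i to b_i while accessing z."""
    a, b = f"a{i}", f"b{i}"
    if with_read_arc:
        return Transition(Counter({a: 1}), Counter({b: 1}), Counter({"z": 1}))
    # Self-loop encoding for an ordinary pt net: consume z and put it back.
    return Transition(Counter({a: 1, "z": 1}), Counter({b: 1, "z": 1}))


def build(with_read_arc):
    return {
        "r1": reader(1, with_read_arc),
        "r2": reader(2, with_read_arc),
        "close": Transition(Counter({"z": 1}), Counter()),
    }


C_NET = build(True)      # contextual net: readers use read arcs on z
LOOP_NET = build(False)  # pt net: the same readers rendered as self-loops
START = Counter({"a1": 1, "a2": 1, "z": 1})
BOTH = Counter({"r1": 1, "r2": 1})

if __name__ == "__main__":
    print("read arcs, step {r1, r2}:", fire(C_NET, START, BOTH))
    print("self-loops, step {r1, r2}:", fire(LOOP_NET, START, BOTH))
    print("read and consume z in one step:",
          enabled(C_NET, START, Counter({"r1": 1, "close": 1})))
```

With a single token in z the two readers form one step only in the contextual net; the self-loop encoding still reaches the same marking, but only by firing r1 and r2 one after the other.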

Independently of CTph and ITph, for contextual nets several different 
approaches have been proposed that differ in the way in which contexts are read. 
For example, let us consider the nets $N_1$, $N_2$ and $N_3$ in Figure 1 taken from m. 
(As usual, places are represented by circles, tokens by black bullets, transitions 
by boxes, pre- and post-sets by directed weighted arcs, and contexts by 
undirected weighted arcs, with unary weights always omitted.) According to the 
semantic interpretation of the transitions $t_0$ and $t_1$ can fire concurrently 
in $N_1$, but neither in $N_2$ nor in $N_3$, since the basic assumption is that a token 
cannot be read and consumed in the same step. In pni, instead, the concurrent 
step is allowed for all three nets, the basic assumption being that $t_0$ and $t_1$ can 
both start together, read the context tokens, and need them not while the 
actions take place. Besides its possible merits, we find this interpretation not fully 
convincing as, for instance, in $N_3$ we would end up in a state that cannot be 
reached by any firing sequence. Thus, to some extent, the firing steps of POj allow 
certain transition occurrences to synchronize. The basic assumption of PEI that 
firings have duration leads to consider ST-traces, where explicit transition-starts 
and transition-ends events are fired. Hence $N_2$ can start $t_0$ and then $t_1$ before 
$t_0$ completes, allowing the concurrent step $\{t_0, t_1\}$ (with the hypothesis that $t_0$ 
starts first). On the contrary, in if either $t_0$ or starts, then the context for 
the other transition is consumed and the concurrent step is forbidden. We follow 
the interpretation of m that fits better our understanding of contexts. 



Contextual Nets and Collective Token Philosophy. The algebraic theory 
for PT nets developed under the CTph is well consolidated, and the relationships 
between its computational, algebraic and logical interpretations are by now very 
clear [S|. Starting with the classical ‘token-game’ semantics, many computational 
models for Petri nets have been proposed that follow the CTph. In particular, the 
commutative processes of Best and Devillers P] reconcile the ‘diamond’ equiva- 
lence (cf. § II . Ill on firing and step sequences, and express very nicely the concur- 
rency of the model. They also admit an exact algebraic representation by means 
of the universal construction T(-) that yields strictly symmetric strict monoidal 
categories from the category of pt nets. More precisely, given a PT net N , the 
objects of T{N) are markings and its arrows correspond to the commutative 
processes of N Ena. 

Surprisingly, CTph semantics for contextual nets have received poor attention 
in the literature, not only for what concerns the algebraic treatment. Whether 
because the problem has been underestimated, or simply because the ITph is 
more fascinating, we cannot tell. In any case, we think that it is useful to address 
this discrepancy with the semantics of ordinary pt nets. Moreover, although one 
can easily extend the diamond equivalence to firing sequences on contextual nets, 
the formalization of a good algebraic model is not at all straightforward. Inspired 
by a suggestion made by Meseguer in P2|, we give here a satisfactory treatment of 
this issue. The idea is to consider monoidal categories with a commutative tensor 
product taken - differently from the case of pt nets - over a non-free monoid 
of places. In particular, we regard each token a as an atom (for lack of a better 
analogy) that can emit ‘negative’ particles $a^{-}$ (electrons) while keeping track of 
their number, i.e., as in we assume that for all $k \in \mathbb{N}$, $a = a^{k} \oplus k \cdot a^{-}$, where 
$a^{k}$ represents an atom that has released exactly k particles to the environment. 

Replacing context arcs on a with self-loop arcs on $a^{-}$, we are able to give an 
axiomatic construction of a monoidal category whose arrows between standard 
markings (i.e., containing no negative particles) are (isomorphic to) the concur- 
rent computations of the net according to the CTph. A key ingredient for this 
result to hold is the so-called maximum sharing hypothesis, an axiom express- 
ing that concurrent readings can always be seen as sharing the same token, a 
fundamental idea in CTph. 



Contextual Nets and Individual Token Philosophy. Building on the no- 
tion of process introduced by Goltz and Reisig in PI. several authors have 
shown that the semantics of nets in the ITph can still be understood in terms of 
symmetric monoidal categories, where the tensor product, this time denoted by 
$\_ \otimes \_$, is commutative only up to a monoidal natural isomorphism $\gamma$ called 
symmetry (for strictly symmetric monoidal categories the transformation $\gamma$ is just 
the identity). In particular, a simple variation of Goltz-Reisig processes called 
concatenable processes is introduced in m (see also M), which admits sequential 
composition and yields a symmetric monoidal category $\mathcal{P}(N)$ for each net 
N. Note that $\otimes$ is commutative on the objects of $\mathcal{P}(N)$. A refined version of 
concatenable processes is given by strongly concatenable processes where 
origins and destinations are totally ordered (as opposed to the orderings of ori- 
gins and destinations of concatenable processes that are indexed by the places). 
Also several unfolding semantics (see e.g. |3til25| l have been proposed that give a 
denotational interpretation of the interplay between concurrency, causality and 
nondeterminism. 

For contextual nets both the process and the unfolding approaches have 
been studied giving a satisfactory understanding of the computational 
model via the introduction of asymmetric event structures. The algebraic 
approach, however, has been pursued only in a recent paper by Gadducci and 
Montanari m using match-share categories. Their basic idea is that, together 
with symmetries, two additional auxiliary constructors must be present: one for 
duplicating tokens and one for matching them. Formally, for each place a the 
auxiliary arrows $\nabla_a\colon a \to a \otimes a$ and $\Delta_a\colon a \otimes a \to a$ are added to the 
computational model (and suitably axiomatized, by letting e.g., $\nabla_a; \Delta_a = id_a$ and 
$\nabla_a; \gamma_{a,a} = \nabla_a$ with $id_a$ the identity arrow on a and $\gamma_{a,a}$ the symmetry that 
swaps two tokens in a). Read-arcs can then be replaced by self-loops (i.e., if 
the transition t consumes u, reads v and produces w, then one considers a de- 
rived transition ty'. u 0 v ^ w 0 v) , and reading without consuming modeled by 
duplicating the context, firing the transition concurrently with an idle copy of 
the context, and then matching the idle copy with the corresponding produced 
tokens (i.e., by considering the arrow ty = (id„®V^); (ty0idy); {idy,0Ay) illus- 
trated in Figure 12(a)). Multiple concurrent access is achieved by producing via 
duplication - and then absorbing via matching - enough copies of the context. 
In |16|. a suitable axiomatization of duplicators and matchers is introduced and 
proved to represent faithfully the basic fact about concurrent access: steps shar- 
ing the same context, but otherwise disjointly enabled, can execute concurrently 
or in any interleaved order with no noticeable difference (e.g., using the notation 
above, the term {idu' ® t«); (ju',w 0 idy); (idyj 0 ty); ( 7 ^,',™ 0 idy), illustrated in 
Figure mb), for t' that consumes u' , reads v and produces w', is equivalent to 
ilu'.u 0 idy); {idu 0 ty); {'^u,w' 0 idu); {idy,' 0 ty) in Figure Etc), and both ad- 
mit a normal form where the subterms ty and t'y are executed concurrently, as 
illustrated in Figure 0 (d)). 

The main drawback of this approach is that the initial model contains too 
many arrows and, therefore, in order to obtain a bijection with contextual pro- 
cesses one has to carve a suitable subcategory. Although the arrows of this 
subcategory can be characterized by inspecting their structure, the lack of a 
global correspondence somehow weakens the framework. We aim at improving 
the approach of m starting from the observation that the unwanted arrows 
are due to redundant information in the model. In fact, once a context token 
is read by a transition we know the ‘real’ token it is connected to: the one 
duplication was applied to. Hence, the match operation, needed for expressing 
concurrent readings, does not add any further information and may introduce 
inconsistent behaviors. For example, given two tokens in the place a, one 
can first duplicate both and then match each copy of the first token with a 
copy of the second token: it should be evident that the resulting arrow (written 
$(\nabla_a \otimes \nabla_a); (id_a \otimes \gamma_{a,a} \otimes id_a); (\Delta_a \otimes \Delta_a)$) is meaningless from the computational 
viewpoint, unless the two tokens represent the same context. We overcome this 
problem by extending to the ITph the approach proposed for the CTph in the 
first part of the paper. 

Fig. 2. 

The key of our proposal is to regulate the use of symmetries on the markings
so as to forbid the swapping of an $a^k$ and an adjacent $a^-$. This prevents the
migration of electrons from atom to atom, as it might happen in the CTph 
and in m- The absence of electron migration represents, in the ITph, a sort of 
dual to the maximum sharing hypothesis, that we call exact sharing hypothesis.
Most notably, the restriction is imposed simply by omitting the corresponding 
symmetries from the model. And reintroducing them would in fact result in a 
redundant framework perfectly analogous to the one provided by match-share 
categories. Observe that this yields a monoidal category that, formally speaking, 
is not symmetric anymore: we allow only selected commutations by explicitly 
including selected symmetries. These will include, of course, all the symmetries 
between standard markings (i.e., those in which tokens have released no parti- 
cles), and will exclude all those that may lead to confuse the causal histories of 
tokens. Our main result is that, again, the arrows between standard markings are 
in bijection with a slight refinement of contextual processes, called concatenable
contextual processes. In this, it is crucial that the model be able to treat particles
in different ways depending on the context. On the one hand, according to the
ITph, we need to distinguish between $a^-$ released by different atoms, but on the
other hand, similarly to the CTph, we want to identify those particles generated
by the same $a$. This is the precise content of our exact sharing hypothesis, as
formalized by a new axiom that we call 0. 

Origin and structure of the paper. This paper builds on the work reported in 
Besides extending loc. cit. by detailed examples and proofs of the main results,
we improve its treatment of the ITph in many respects. In particular, in [Zj we 
relied on a distinction between forward and backward contexts, realized through 
a second kind of electron, a~, in addition to a”. Moreover, differently from here, 
our representation result was phrased in terms of strongly concatenable contex- 
tual processes. Axiom 0 is instrumental in these improvements, and is first 
introduced here. 

In Section 1 we recall some basics about contextual nets and the algebraic
semantics of pt nets. In Sections 2 and 3 we define algebraic semantics for
contextual nets under both the CTph and the ITph, providing original characterization
results for commutative and concatenable contextual processes. We remark that 
in the absence of read-arcs, our semantics coincide with the classical ones. 

Acknowledgements. We would like to thank Jose Meseguer and Paolo Baldan for 
some interesting discussion on the topic and also Matteo Coccia for his reading of 
a preliminary version of our work. We are also grateful to the anonymous referees 
for their careful reading of the manuscript (they spot several well-hidden typos) 
and their helpful comments. 

1 Preliminaries 

1.1 Contextual Nets 

Contextual nets were introduced for extending pt nets with the ‘read without
consume’ operation [10,27,20,15]. The states of contextual nets are called
markings and represent distributions of resources (tokens) in typed repositories
(places). Given the set of places $S$, markings can be seen as finite multisets
$u : S \to \mathbb{N}$, where $u(a)$ denotes the number of tokens that place $a$ carries in $u$.
The set of finite multisets on $S$ is the free commutative monoid on $S$. We denote
it by $S^{\oplus}$, and indicate multiset inclusion, union and difference by $\subseteq$, $\oplus$ and
$\ominus$, respectively, with $u \ominus v$ defined only for $v \subseteq u$. For $k$ a natural number and
$u$ a multiset, $k \cdot u$ is the multiset such that $(k \cdot u)(a) = k \cdot u(a)$ for all $a$. We
denote by $\lfloor u \rfloor$ the underlying set of $u$, that can be seen as the multiset such that
$\lfloor u \rfloor(a) = 1$ if $u(a) > 0$ and $\lfloor u \rfloor(a) = 0$ otherwise. If $u = \lfloor u \rfloor$ and
$v = \lfloor v \rfloor$ we use the standard set notation $u \cup v$ and $u \cap v$ to denote,
respectively, the union and intersection of $u$ and $v$. Since we consider finite multisets
only, the reader should not get confused if in the following the adjective ‘finite’ is
sometimes omitted.

Definition 1. A contextual net $N$ is a tuple $(S, T, \partial_0, \partial_1, \varsigma)$, where $S$ is the set
of places, $T$ is the set of transitions, $\partial_0, \partial_1 : T \to S^{\oplus}$ are the pre and post-set
functions, and $\varsigma : T \to S^{\oplus}$ is the context function. Besides the usual assumption
that $\varsigma(t)$ and $\partial_0(t) \oplus \partial_1(t)$ are disjoint for each transition $t$, we assume that
$\varsigma(t)$ is a set.

Informally, $\partial_0(t) \oplus \varsigma(t)$ is the minimum amount of resources that $t$ requires to
be enabled. Of these resources, those in $\partial_0(t)$ are retrieved and consumed, while
those in $\varsigma(t)$ are just read and left on their repositories. When $t$ has accomplished
its task, it returns $\partial_1(t)$ fresh tokens and releases the context. Only at this point
other transitions will be able to consume the tokens in $\varsigma(t)$, whereas they can
use the same context concurrently with $t$.

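Definition 2. Let $u$ and $v$ be markings, and $X$ a finite multiset of transitions
of a contextual net $N = (S, T, \partial_0, \partial_1, \varsigma)$. We say that $u$ evolves to $v$ under the
step $X$, in symbols $u\,[X\rangle\,v$, if the transitions in $X$ are concurrently enabled at
$u$, i.e.,

$$\Big\lfloor \bigoplus_{t \in T} X(t) \cdot \varsigma(t) \Big\rfloor \oplus \bigoplus_{t \in T} X(t) \cdot \partial_0(t) \subseteq u,$$

and

$$v = \Big( u \ominus \bigoplus_{t \in T} X(t) \cdot \partial_0(t) \Big) \oplus \bigoplus_{t \in T} X(t) \cdot \partial_1(t).$$

A step sequence from $u_0$ to $u_n$ is a sequence $u_0\,[X_1\rangle\,u_1 \ldots u_{n-1}\,[X_n\rangle\,u_n$.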

Thus the execution of the step $X$ requires that the marking $u$ contains at
least all the tokens in the preconditions $\partial_0(t)$ of transitions $t \in X$ plus at least
one token for each place that is used as context by some transition in $X$. This
matches the intuition that a token can be used as context by many transitions at
the same time. From the point of view of concurrency, the fact that transitions
in $X$ are executed in a step means that they can be equivalently executed in
any order. Thus, as for ordinary pt nets, step sequences for contextual nets
can be considered up to the equivalence induced by the diamond transformation
relation $\_ \diamond \_$ defined by $u\,[X \oplus Y\rangle\,v \;\diamond\; u\,[X\rangle\,u_1\,[Y\rangle\,v$ for any step
$u\,[X \oplus Y\rangle\,v$ (and suitable $u_1$). The diamond equivalence is the reflexive,
symmetric, transitive and sequence concatenation closure of the relation $\_ \diamond \_$.
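The step rule can be exercised mechanically. The following Python sketch is an added example, not code from the paper: the class and function names are hypothetical, and the sample net (t0 consumes a and reads c, t1 consumes b and reads c, t2 consumes c) is constructed for illustration. It checks enabledness with one token per context place, however many transitions read it, fires steps, and tests the diamond property on a given pair of steps.

```python
from collections import Counter


class ContextualNet:
    """Contextual net: every transition has a pre-set and a post-set (multisets
    of places) and a context (a set of places that are read, not consumed)."""

    def __init__(self, transitions):
        # transitions: name -> (pre, post, context); constructed input format.
        self.pre, self.post, self.ctx = {}, {}, {}
        for name, (pre, post, ctx) in transitions.items():
            pre, post, ctx = Counter(pre), Counter(post), frozenset(ctx)
            # The context must be disjoint from the pre-set and the post-set.
            if ctx & (set(pre) | set(post)):
                raise ValueError(f"context of {name} overlaps its pre/post-set")
            self.pre[name], self.post[name], self.ctx[name] = pre, post, ctx

    def _demand(self, step):
        """Tokens consumed and produced by the step, and the places it reads."""
        consumed, produced, read = Counter(), Counter(), set()
        for t, n in step.items():
            if n <= 0:
                continue
            for place, k in self.pre[t].items():
                consumed[place] += n * k
            for place, k in self.post[t].items():
                produced[place] += n * k
            read |= self.ctx[t]  # a set: shared contexts are counted once
        return consumed, produced, read

    def enabled(self, marking, step):
        """True if the marking holds every consumed token plus one token
        for each place used as context by some transition of the step."""
        consumed, _, read = self._demand(step)
        needed = consumed + Counter(read)
        marking = Counter(marking)
        return all(marking[p] >= k for p, k in needed.items())

    def fire(self, marking, step):
        """Return the marking reached by the step, or None if not enabled."""
        if not self.enabled(marking, step):
            return None
        consumed, produced, _ = self._demand(step)
        return (Counter(marking) - consumed) + produced


def diamond(net, u, x, y):
    """If the joint step x + y is enabled at u, check that it reaches the same
    marking as x then y and as y then x. Returns None if it is not enabled."""
    joint = net.fire(u, Counter(x) + Counter(y))
    if joint is None:
        return None
    xy = net.fire(net.fire(u, x), y)
    yx = net.fire(net.fire(u, y), x)
    return joint == xy == yx


# Constructed sample net: two readers of c and one consumer of c.
NET = ContextualNet({
    "t0": ({"a": 1}, {}, {"c"}),
    "t1": ({"b": 1}, {}, {"c"}),
    "t2": ({"c": 1}, {}, set()),
})
```

With a single token in c, the two readers fire in one step, while a reader and the consumer of c cannot share that token in a step and can only run in sequence.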

Definition 3. Given a contextual net $N$, the strictly symmetric strict monoidal
category (cf. § 1.2) of contextual commutative processes $\mathcal{CT}(N)$ has the markings
of $N$ as objects, its step sequences, taken modulo the diamond equivalence,
as arrows, and composition is given by sequence concatenation.

In the ITph, computations are commonly described in terms of structures
representing the causal relationships between event occurrences. In the case of
nets, this is fruitfully formalized through the following notion of process. We
remark that these notions are conservative extensions of the corresponding notions
for ordinary pt nets, to which they reduce in the absence of read-arcs.
The relation $\_ \preceq \_$ referred to in the definition below is the least preorder in
which $t$ precedes $t'$, written $t \preceq t'$, if either
$\partial_1(t) \cap (\partial_0(t') \cup \varsigma(t')) \neq \emptyset$, see Figures 3(a) and 3(b), or
$\varsigma(t) \cap \partial_0(t') \neq \emptyset$, see Figure 3(c). (Relation - -
is used in m for nondeterministic contextual processes; note however that we
deal with deterministic processes only.)

Fig. 3. Three situations in which $t$ (immediately) precedes $t'$.



Definition 4. A (deterministic) contextual process net is a finite, acyclic w.r.t.
$\preceq$, contextual net $\Theta$ such that

1. for all $t \in T_\Theta$, $\partial_0(t)$ and $\partial_1(t)$ are sets (as opposed to multisets), and

2. for all pairs $t_0 \neq t_1 \in T_\Theta$, $\partial_i(t_0) \cap \partial_i(t_1) = \emptyset$, for $i = 0, 1$.

Remark 1. One could argue that in the contextual process net illustrated in
Figure 3(c) the transition $t'$ might also fire before $t$, inhibiting it. In fact, this
cannot be the case. Since the net is a process, i.e., the description of a deterministic
run, both $t$ and $t'$ must be fired, and the only possible interpretation is
that $t$ must execute before $t'$. There is however no causal dependence between
the two events, but only a temporal one. Therefore $t \preceq t'$ means that $t$ precedes
$t'$, either causally or just temporally.

Two transitions $t$ and $t'$ in a deterministic occurrence net are called concurrent
if they are not related by $\preceq$ (i.e., if neither of the two transitions
causally or temporally depends on the other). We remark that the same
definition does not apply to nondeterministic processes, where the concurrency
relation must be defined on arbitrary sets of transitions and not just on pairs.

Definition 5. A contextual process $\pi$ of a contextual net $N$ is a contextual
process net $\Theta$ together with a pair of functions $\langle \pi_T, \pi_S \rangle$, where
$\pi_T : T_\Theta \to T_N$ and $\pi_S : S_\Theta \to S_N$, that respect source, target and context, i.e.,
such that $\partial_i^N \circ \pi_T = \pi_S \circ \partial_i^\Theta$, for $i = 0, 1$, and
$\varsigma_N \circ \pi_T = \pi_S \circ \varsigma_\Theta$, where the symbol $\circ$ denotes
the ordinary composition of functions. Contextual processes are considered up to
isomorphism.

If no confusion can arise, we denote the components $\pi_T$ and $\pi_S$ just by $\pi$.

1.2 Petri Nets Are Monoids 

The paper m built on the monoidal structure of markings to provide an al- 
gebraic characterization of the concurrent computations of nets. The basic idea 
was to lift the structure of states to the level of transitions, providing an
algebraic representation of concurrent firing. In turn, these ‘algebraic’ steps can
be sequentially concatenated in order to express more complex computations.
While sequential composition endows computations with a categorical structure
(markings are objects, computations are arrows, and idle tokens are identities),
the parallel composition yields a tensor product. The interplay of parallel and
sequential composition, regulated by functoriality of tensor products, models a
basic fact about concurrency, namely that concurrent transitions can occur in
any relative order. Under the CTph the tensor product can simply be commutative.
Then, each pt net $N$ freely generates a strictly symmetric strict monoidal
category $\mathcal{T}(N)$ whose arrows are in bijection with the commutative processes of
N 0. 

Under the ITph the situation is more complex. To be able to model causal 
dependencies, multisets of transitions are not enough. Degano, Meseguer and 
Montanari proposed to keep simple markings as objects, but to consider a tensor 
product non commutative on the arrows, together with a collection of arrows 
that may be used to explicitly change the order in which transitions fetch and 
produce tokens H3|. Such arrows, collected together as the components of a 
natural isomorphism, turn out to be the classical notion of symmetry in category 
theory, thus leading to the construction of a (non strictly) symmetric strict 
monoidal category $\mathcal{P}(N)$ for each net $N$, whose arrows define the concatenable
processes of $N$. A more concrete construction, $\mathcal{Q}(N)$, was introduced in [32] in
order to remove some deficiencies of the previous approach. The main feature of
$\mathcal{Q}(N)$, which captures the so-called strongly concatenable processes, is that its
objects are strings rather than multisets of tokens.

For the reader’s convenience, we briefly recall the definition of monoidal categories
and related concepts. As usual, for $C$ a category, we denote the identity
arrow on the object $u$ by $id_u : u \to u$ and the composition of two arrows $f : u \to v$
and $g : v \to w$ by $f; g : u \to w$ (i.e., the operation $\_ ; \_$ composes in the diagrammatic
order). In what follows we let $O_C$ and $A_C$ denote respectively the objects
and the arrows of $C$ and let $\times$ denote the ordinary cartesian product of categories.

Definition 6. A strict monoidal category is a triple $(C, \otimes, e)$, where $C$ is the
underlying category, the functor $\otimes : C \times C \to C$ is called tensor product and
the object $e \in O_C$ is called the unit. Moreover, the tensor product satisfies the
associativity law $f \otimes (g \otimes h) = (f \otimes g) \otimes h$ for all $f, g, h \in A_C$ and has the constant
functor associated to $e$ as neutral element, i.e., $id_e \otimes f = f = f \otimes id_e$, for all
$f \in A_C$.

For non-strict monoidal categories, the associativity and unit laws are sat- 
isfied only up to suitable natural isomorphisms. Since we shall always consider 
strict monoidal categories, the adjective ‘strict’ can be omitted to simplify the 
terminology. When the tensor product is commutative up to a suitable natural 
isomorphism, the monoidal category is called ‘symmetric’. 

Definition 7. A symmetric monoidal category is a 4-tuple $(C, \otimes, e, \gamma)$, where
$(C, \otimes, e)$ is a monoidal category and $\gamma : \_1 \otimes \_2 \Rightarrow \_2 \otimes \_1$ is a natural
isomorphism satisfying the Kelly-MacLane coherence axioms expressed by the following
equations:

$$\gamma_{u,v}; \gamma_{v,u} = id_u \otimes id_v$$

$$\gamma_{u, v \otimes w} = (\gamma_{u,v} \otimes id_w); (id_v \otimes \gamma_{u,w})$$

for all objects $u, v, w \in O_C$.

Note that the equality $\gamma_{e,u} = id_u$ follows from the fact that $u \otimes e = u$ together
with the axioms above. When $\gamma$ is the identity natural transformation, then
the tensor product is commutative and the category is called ‘strictly symmetric’.
Commutative products are often denoted by the additive symbol $\oplus$ instead
of $\otimes$. The arrows of a symmetric monoidal category that can be obtained as
the sequential and parallel composition of identities and symmetries are called
permutations and ranged over by $\sigma$, $\sigma'$, $\sigma_1$, and so on.

Definition 8. Let $(C, \otimes, e)$ and $(C', \otimes', e')$ be monoidal categories. A functor
$F : C \to C'$ is called strict monoidal if $F(e) = e'$ and $F(f \otimes g) = F(f) \otimes' F(g)$
for all $f, g \in A_C$.

Again, we shall omit the term ‘strict’, since all monoidal functors that we 
consider are so. The category of monoidal categories and monoidal functors is 
commonly indicated by MonCat. Moreover, we denote by CMonCat the full
subcategory of strictly symmetric monoidal categories, and use CMonCat$^{\oplus}$ for
the full subcategory of CMonCat consisting of categories whose sets of objects
are freely generated commutative monoids. In particular, we have that both
$\mathcal{T}(N)$ and $\mathcal{CT}(N)$ belong to CMonCat$^{\oplus}$.

Definition 9. Let $(C, \otimes, e, \gamma)$ and $(C', \otimes', e', \gamma')$ be symmetric monoidal
categories. A monoidal functor $F : (C, \otimes, e) \to (C', \otimes', e')$ is called symmetric if
$F(\gamma_{u,v}) = \gamma'_{F(u),F(v)}$.

We denote by SSMC the subcategory of MonCat whose objects are symmetric
monoidal categories and whose arrows are symmetric monoidal functors.
Let SSMC$^{\otimes}$ (resp. SSMC$^{\oplus}$) be the full subcategory of SSMC consisting
of monoidal categories whose sets of objects are freely generated monoids
(resp. commutative monoids). Note that the tensor products of categories in
SSMC$^{\oplus}$ are not necessarily commutative: the superscript $\oplus$ refers to commutative
monoidal composition of objects only, not of arrows. We have
$\mathcal{P}(N) \in$ SSMC$^{\oplus}$ and $\mathcal{Q}(N) \in$ SSMC$^{\otimes}$.

2 Collective Contexts 

In [22], Meseguer suggested to represent contexts in rewriting logic theories by
considering two kinds of entities for each term: ‘counters’ and ‘copies’. Given
a term, one can release as many copies of it as needed, while recording the
number of such copies in the corresponding counter. Copies can only be accessed
as contexts. On the contrary, when rewriting a term, one has to retrieve the
counter and as many copies as indicated by the counter. That is, all the copies
ever released. Formally, in the case of contextual nets, the data type of places is
modified as follows:

$$a = (a, 0)$$

$$(a, n) = (a, n + 1) \oplus [a].$$

The terms having the form $(a, n)$ (for $a$ a place and $n$ a natural number) are
counters, and the $[a]$ are copies, with $a = (a, n) \oplus n \cdot [a]$. Then, a transition with
precondition $a$, context $b$ and postcondition $c$ becomes a rewrite rule
$a \oplus [b] \to c \oplus [b]$ with a self-loop on a copy of $b$. However, this fits well with the CTph
approach only.

(1)  $r^+ \oplus r^- = r$                        (5)  $(r^-)^- = 0$
(2)  $(r^-)^+ = r^-$                            (6)  $(r^+)^- = r^-$
(3)  $(r \oplus s)^+ = r^+ \oplus s^+$          (7)  $(r \oplus s)^- = r^- \oplus s^-$
(4)  $0^+ = 0$                                  (8)  $0^- = 0$
(unit)  $r \oplus 0 = r$
(ass)   $r \oplus (s \oplus r') = (r \oplus s) \oplus r'$
(comm)  $r \oplus s = s \oplus r$

Fig. 4.

We tried to characterize the algebraic structure that gives the basis for
Meseguer’s encoding and have come out successfully with a representation that
can be extended to deal with the ITph as well. As explained in the Introduction,
we build the algebraic theory over a non-free monoid of places. In particular,
apart from the commutative monoidal operation $\_ \oplus \_$ with unit $0$, we consider
two other operations $(\_)^+$ and $(\_)^-$ that are axiomatized as in Figure 4, where
we also included the ordinary unit, associativity and commutativity axioms for
$\_ \oplus \_$. Quite simply, these mean that $(\_)^+$ and $(\_)^-$ are monoid homomorphisms
(laws (3), (4), (7) and (8)) such that $(\_)^+ \oplus (\_)^- = id$, $(\_)^+ \circ (\_)^- = (\_)^-$, and
$(\_)^- \circ (\_)^- = 0$. Observe that (6) actually follows from (1), (7) and (5). We call
the elements of this algebra molecules, ranged over by $r, s, \ldots$. Given a set $S$,
we let $\mu(S)$ denote the set of molecules generated by $S$, i.e., $\mu(S)$ is the quotient
term algebra generated by $S$ over the signature with $0$, $\oplus$, $(\_)^+$ and $(\_)^-$ (modulo
the axioms in Figure 4).

By these laws we can always eliminate consecutive applications of $(\_)^+$ and
$(\_)^-$, except for sequences of $(\_)^+$. We shall write $r^k$ as a shorthand for $(\_)^+$
applied $k$ times to $r$ and omit the parentheses. We assume $r^0 = r$, but we
remark that in general $r^+ = r^1 \neq r$.

Lemma 1. For each molecule $r \in \mu(S)$ and each $k \in \mathbb{N}$, we have $(r^k)^- = r^-$.
Proof. By induction on $k$, applying law (6). ♦
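$$\frac{r \in \mu(S)}{id_r : r \to r} \qquad \frac{t \in T}{t : \varsigma(t)^- \oplus \partial_0(t) \to \varsigma(t)^- \oplus \partial_1(t)}$$

$$\frac{\alpha : r \to s,\ \ \beta : s \to s'}{\alpha; \beta : r \to s'} \qquad \frac{\alpha : r \to s,\ \ \beta : r' \to s'}{\alpha \oplus \beta : r \oplus r' \to s \oplus s'}$$

Fig. 5.

$\alpha; (\beta; \delta) = (\alpha; \beta); \delta$                    $\alpha; id_s = id_r; \alpha = \alpha$
$\alpha \oplus (\beta \oplus \delta) = (\alpha \oplus \beta) \oplus \delta$        $\alpha \oplus \beta = \beta \oplus \alpha$
$(\alpha; \beta) \oplus (\delta; \eta) = (\alpha \oplus \delta); (\beta \oplus \eta)$        $id_{r \oplus s} = id_r \oplus id_s$
$\alpha \oplus id_0 = \alpha$

Fig. 6.

Proposition 1. For each molecule $r \in \mu(S)$ and each $k \in \mathbb{N}$, we have
$r^k = r^{k+1} \oplus r^-$.

Proof. By law (1), we have $r^k = (r^k)^+ \oplus (r^k)^-$, and $(r^k)^- = r^-$ by Lemma 1. ♦

Corollary 1. For each molecule $r \in \mu(S)$ and each $k \in \mathbb{N}$, we have
$r = r^k \oplus k \cdot r^-$.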

Of course we are interested in molecules generated from places, which can
be of two forms: either $a^k$ or $a^-$. From the computational point of view, the $a^-$
are the basic contexts and carry very little information, since the nucleus can
produce as many of them as needed. To appreciate the point, we can think of
the tokens as ticket rolls with unbounded number of tickets available. Readers 
just take a ticket and return it after use for recycle, whereas consumers must 
retrieve the entire roll, including all used tickets. 

Definition 10. For $N = (S, T, \partial_0, \partial_1, \varsigma)$ a contextual net, define $\mathcal{M}(N)$ as
the category in CMonCat with objects the molecules on $S$, and arrows generated
from the rules in Figure 5, modulo the axioms of strictly symmetric strict
monoidal categories in Figure 6.

We can now characterize contextual commutative processes algebraically.

Theorem 1. The category $\mathcal{CT}(N)$ is isomorphic (via a monoidal functor) to
the full subcategory of $\mathcal{M}(N)$ whose objects are $S^{\oplus}$.

A very important property needed in the proof is what we call the maximum 
sharing hypothesis, that can be expressed as in the proposition below. This con- 
tains the core of the CTph for contextual nets, since it shows that whenever two 
or more tokens in the same place a are used as contexts, we can always find an 
equivalent computation where only one token in a is used (twice or more) as a 
context. In other words, tokens in the same place are completely interchangeable 
in contexts. 
Proposition 2. For each molecule $r \in \mu(S)$ and $k, n \in \mathbb{N}$, we have
$r^n \oplus r^k = r^{n+k} \oplus r$.

Proof. By Corollary 1, we have $r^n \oplus r^k = r^{n+k} \oplus r^k \oplus k \cdot r^-$. By commutativity
(and associativity) of $\_ \oplus \_$ we get $r^n \oplus r^k = r^{n+k} \oplus k \cdot r^- \oplus r^k$. By applying
$k$ times Proposition 1 we have the result. ♦

Before proving Theorem 1 we need some other technical lemmata.

Lemma 2. Each molecule $r \in \mu(S)$ factorizes uniquely as $u \oplus r_e \oplus r_n$ where

▷ $u \in S^{\oplus}$;

▷ $r_e = k_1 \cdot a_1^- \oplus \ldots \oplus k_n \cdot a_n^-$ with $n \geq 0$ and $k_i > 0$, for $i = 1, \ldots, n$;

▷ $r_n = b_1^{h_1} \oplus \ldots \oplus b_m^{h_m}$ with $m \geq 0$ and $h_j > 0$, for $j = 1, \ldots, m$;

where all the $a_i$ and $b_j$ are distinct places.

Proof. The normal form representation follows by observing that $(\_)^+$ and $(\_)^-$
are monoid homomorphisms and, therefore, distribute over $\oplus$. Then, by laws
(2), (5) and (6), we can reduce the molecule to the ‘sum’ of places $a$, electrons
$a^-$ and nuclei $a^h$. Then, by Proposition 2 we can simplify the expression to a
form where at most one nucleus $a^h$ with $h > 0$ is present for each $a$. Finally, if
both $a^h$ and $k \cdot a^-$ are present in the expression, we can simplify the expression
according to the following three possibilities, until all the nuclei and electrons
refer to different places.

($h > k$): then $a^h = (a^{h-k})^k$ and, by Lemma 1, $k \cdot a^- = k \cdot (a^{h-k})^-$, hence
$a^h \oplus k \cdot a^- = (a^{h-k})^k \oplus k \cdot (a^{h-k})^- = a^{h-k}$ by Corollary 1.

($h = k$): then $a^k \oplus k \cdot a^- = a$ by Corollary 1.

($h < k$): then $a^h \oplus k \cdot a^- = a^h \oplus h \cdot a^- \oplus (k - h) \cdot a^- = a \oplus (k - h) \cdot a^-$ by
applying Corollary 1 to $a^h \oplus h \cdot a^-$. ♦
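The reduction used in the proof can be run as a small rewriting procedure. The Python sketch below is an added example, not code from the paper; the representation of particles as pairs and all function names are assumptions made here. It implements the two homomorphisms on flat molecules, then merges nuclei with Proposition 2 and cancels electrons against the remaining nucleus following the three cases above.

```python
from collections import Counter

# A flat molecule is a multiset of particles (place, d), an assumed encoding:
#   d == 0       the atom a
#   d == k >= 1  the nucleus a^k
#   d == "-"     the electron a^-
ELECTRON = "-"


def place(a):
    """The molecule consisting of a single atom a."""
    return Counter({(a, 0): 1})


def oplus(*molecules):
    """Commutative sum of molecules (multiset union)."""
    total = Counter()
    for m in molecules:
        total.update(m)
    return total


def plus(m):
    """(_)^+ distributes over sums (laws 3, 4) and fixes electrons (law 2)."""
    out = Counter()
    for (a, d), n in m.items():
        out[(a, d if d == ELECTRON else d + 1)] += n
    return out


def minus(m):
    """(_)^- distributes over sums (laws 7, 8), erases electrons (law 5)
    and turns every atom or nucleus a^k into one electron a^- (Lemma 1)."""
    out = Counter()
    for (a, d), n in m.items():
        if d != ELECTRON:
            out[(a, ELECTRON)] += n
    return out


def normal_form(m):
    """Return (u, r_e, r_n): atoms per place, electrons per place,
    and the degree of the single remaining nucleus per place."""
    u, r_e, r_n = {}, {}, {}
    for a in sorted({a for (a, _) in m}):
        atoms, electrons = m[(a, 0)], m[(a, ELECTRON)]
        degrees = [d for (b, d), n in m.items()
                   if b == a and d not in (0, ELECTRON) for _ in range(n)]
        # Proposition 2: a^n + a^k = a^(n+k) + a, so merging j nuclei
        # leaves one nucleus of total degree and j - 1 complete atoms.
        h = sum(degrees)
        atoms += max(len(degrees) - 1, 0)
        # Corollary 1: each electron lowers the degree of the nucleus by one;
        # reaching degree 0 yields a complete atom.
        cancelled = min(h, electrons)
        h, electrons = h - cancelled, electrons - cancelled
        if cancelled and h == 0:
            atoms += 1
        if atoms:
            u[a] = atoms
        if electrons:
            r_e[a] = electrons
        if h:
            r_n[a] = h
    return u, r_e, r_n
```

In the result, a place never carries both a nucleus and electrons, while the marking part u may still mention the same place as a nucleus or an electron.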

Lemma 3. If the source of an arrow $\alpha \in \mathcal{M}(N)$ factorizes according to
Lemma 2 as $u \oplus r_e \oplus r_n$, then $\alpha : u \oplus r_e \oplus r_n \to v \oplus r_e \oplus r_n$ for some $v \in S^{\oplus}$.

Proof. It is straightforward to observe that $r_e$ and $r_n$ are invariants of the
generation rules in Figure 5. ♦

Lemma 4. Each arrow $\delta : r \to s$ in $\mathcal{M}(N)$ can be decomposed as

$$(t_1 \oplus id_{r_1}); (t_2 \oplus id_{r_2}); \ldots; (t_k \oplus id_{r_k}),$$

for some $k \geq 0$, where all the $t_i$ are transitions.

Proof. By structural induction on the expression denoting $\delta$. The complex case
is when $\delta = \alpha \oplus \beta$. We can then apply the functoriality of $\oplus$ to get
$\delta = (\alpha \oplus id_{r'}); (\beta \oplus id_{s'})$ where $r'$ is the source of $\beta$ and $s'$ is the target of $\alpha$.
Then we apply the inductive hypothesis to $\alpha$ and $\beta$. ♦

^ We choose the subscripts ‘e’ and ‘n’ as abbreviations for ‘electron’ and ‘(uncomplete) 
nucleus’, respectively. 
We are now ready to prove the main theorem.

Proof (of Theorem 1). We start by defining the functor $F : \mathcal{CT}(N) \to \mathcal{M}(N)$.
Given a generic step sequence $u_0\,[X_1\rangle\,u_1 \ldots u_{n-1}\,[X_n\rangle\,u_n$ with length $n$
(representing a generic arrow in $\mathcal{CT}(N)$), we let

$$F(u_0\,[X_1\rangle\,u_1 \ldots u_{n-1}\,[X_n\rangle\,u_n) = F(u_0\,[X_1\rangle\,u_1); \ldots; F(u_{n-1}\,[X_n\rangle\,u_n),$$

with $F(u\,[X\rangle\,v)$ as defined below. Let

▷ $u_X = \bigoplus_{t \in \lfloor X \rfloor} X(t) \cdot \partial_0(t)$;

▷ $v_X = \bigoplus_{t \in \lfloor X \rfloor} X(t) \cdot \partial_1(t)$;

▷ $w_X = \bigoplus_{t \in \lfloor X \rfloor} X(t) \cdot \varsigma(t)$.

We can assume that

$$w_X = k_1 \cdot a_1 \oplus k_2 \cdot a_2 \oplus \ldots \oplus k_m \cdot a_m$$

with $m \geq 0$, $k_i > 0$, for $i = 1, \ldots, m$ and all the $a_i$ different places. Since the
step $X$ is enabled at $u$, then $u = u' \oplus u_X \oplus \lfloor w_X \rfloor$ for some $u' \in S^{\oplus}$. Hence
$v = u' \oplus v_X \oplus \lfloor w_X \rfloor$. With this notation fixed, let

$$F(u\,[X\rangle\,v) = id_{u'} \oplus X \oplus id_{a_1^{k_1}} \oplus id_{a_2^{k_2}} \oplus \ldots \oplus id_{a_m^{k_m}}.$$

Note that with this definition, the $k_i$ tokens needed as context relatively to place
$a_i$ yield an idle nucleus $a_i^{k_i}$ for $i = 1, \ldots, m$. Also notice that when $X = \emptyset$ the
result is just the identity on $u$.

To show that the mapping $F$ is well-defined we must show that it respects
the diamond equivalence, i.e., that when $u\,[X \oplus Y\rangle\,v$ is defined, then

$$F(u\,[X \oplus Y\rangle\,v) = F(u\,[X\rangle\,u_1); F(u_1\,[Y\rangle\,v)$$

with $u_1$ uniquely determined by $u$ and $X$. This follows easily by definition of $F$
and by the functoriality of the tensor product.

To show that $F$ is faithful it suffices to observe that the only axiom that
potentially may break this property (i.e., that could induce too many equalities
on terms) is the functoriality of tensor product which, on the other hand,
corresponds precisely to the diamond equivalence.

Finally, to show that $F$ is full (on the full subcategory of $\mathcal{M}(N)$ whose objects
are markings), we take a generic arrow $\alpha : u \to v \in \mathcal{M}(N)$ with $u, v \in S^{\oplus}$ and
show that there exists a step sequence in $\mathcal{CT}(N)$ that is mapped to $\alpha$ by $F$. In
fact, by Lemma 4 we take a ‘linearization’ of $\alpha$ (i.e., a sequential composition of
transitions in parallel with identities) and show that the obvious firing sequence
associated to it can be executed in $N$. In doing this we employ Lemma 3 and
the fact that $u \in S^{\oplus}$. Observe that this construction defines the inverse to $F$. ♦

Example 1. Let us consider the net $N$ in Figure 7. In $\mathcal{M}(N)$ we have three basic
arrows

▷ $t_0 : a \oplus c^- \to c^-$,

▷ $t_1 : b \oplus c^- \to c^-$ and

▷ $t_2 : c \to 0$,

[Figure 7: a net with places a, c and b.]

Fig. 7.

but neither $t_0$, nor $t_1$ can represent a commutative contextual process, since their
sources and targets are not elements of $S^{\oplus}$. To remedy this, we must put $t_0$ and
$t_1$ in an environment where the $c^-$ become instances of a ‘complete’ token, as
$id_{c^+} \oplus t_0 : a \oplus c \to c$ and $id_{c^+} \oplus t_1 : b \oplus c \to c$. The concurrent execution of $t_0$ and
$t_1$ with shared context is instead written as $id_{c^2} \oplus t_0 \oplus t_1 : a \oplus b \oplus c \to c$: since
two electrons are needed the idle nucleus has ‘degree’ 2. By the functoriality of
$\_ \oplus \_$, we have that

$$id_{c^2} \oplus t_0 \oplus t_1 = (id_{c^+} \oplus t_0 \oplus id_b); (id_{c^+} \oplus t_1) = (id_{c^+} \oplus t_1 \oplus id_a); (id_{c^+} \oplus t_0),$$

(recall that $id_{c^2} \oplus id_{c^-} = id_{c^+}$), i.e., $t_0$ and $t_1$ can execute in any order. Also
interesting is to observe that

$$(id_{c^+} \oplus t_0) \oplus ((id_{c^+} \oplus t_1); t_2) = ((id_{c^+} \oplus t_0); t_2) \oplus (id_{c^+} \oplus t_1),$$

i.e., we have no causal information about the token consumed by $t_2$: is it the
one read by $t_0$, or the one read by $t_1$? In fact by $id_{c^+} \oplus t_0 = (id_{c^+} \oplus t_0); id_c$ and
applying the functoriality of $\oplus$ we have:

$$(id_{c^+} \oplus t_0) \oplus ((id_{c^+} \oplus t_1); t_2) = (id_{c^+} \oplus t_0 \oplus id_{c^+} \oplus t_1); (id_c \oplus t_2).$$

Then, $id_c \oplus t_2 = t_2 \oplus id_c$ by commutativity of $\oplus$ and by applying the functoriality
(in the opposite direction than before) we get the equality. Furthermore,

$$id_{c^+} \oplus t_0 \oplus id_{c^+} \oplus t_1 = id_{c^2} \oplus t_0 \oplus t_1 \oplus id_c$$

(by Proposition 2 and the commutativity of $\oplus$), and thus

$$(id_{c^+} \oplus t_0) \oplus ((id_{c^+} \oplus t_1); t_2) = (id_{c^2} \oplus t_0 \oplus t_1 \oplus id_c); (id_c \oplus t_2) = id_{c^2} \oplus t_0 \oplus t_1 \oplus t_2,$$

i.e., $t_0$, $t_1$, and $t_2$ can be executed in a concurrent fashion without the possibility
of distinguishing this case from those in which $t_2$ causally depends on $t_0$ or $t_1$.

Since a pt net N can always be seen as a contextual net with no read-arcs, 
in which case the commutative contextual processes of N are just the ordinary 
commutative processes (cf. § 1.2 and m), then by Theorem 1 we obtain the
following corollary.

Corollary 2. If $N$ is a pt net, then $\mathcal{T}(N)$ is a full subcategory of $\mathcal{M}(N)$.

We remark that the constructions we have shown can be easily extended to
deal with multiplicities on read-arcs (i.e., to the case in which $\varsigma(t)$ is a multiset
rather than a set).



3 Individual Contexts 

The maximum sharing hypothesis creates obvious problems when dealing with 
the ITph, whose entire point is to be able to recognize which electrons are emitted 
from each token. For ordinary pt nets, the information about causality is recov- 
ered in the algebraic setting by using (non strictly) symmetric strict monoidal 
categories, i.e., by introducing symmetries to control rearrangements of tokens 
in process sequential composition. While at the level of states one can still view 
standard markings as indexed collections of ordered tokens (rather than resort- 
ing to take as states the elements of the free monoid on places, i.e., strings of 
places), at the level of computations (arrows), however, the tensor product is 
not commutative anymore, so that one is able to interpret in a canonical way 
the correct flow of causality through token histories. Thus, the first attempt to 
a uniform extension of the CTph treatment of the previous section to the ITph 
view is to introduce symmetries on molecules. 

There is however another problem to solve. Since the context $\varsigma(t)$ is modeled
by a self-loop on $\varsigma(t)^-$, two transitions with the same context can be concatenated
on it, as if one depended on the execution of the other. This spurious causal 
dependency is to be avoided, as it gives rise to a wrong semantic model. To 
some extent, one would like to follow the ITph on ‘complete’ molecules (standard 
markings), and the CTph on electrons of the same nucleus, so that one has 
no information about which electron is consumed by a firing, but only about 
which molecule it comes from. We therefore need a canonical interpretation of 
molecules that respects this intuition. To fix the ideas, we take initially a non 
commutative monoidal operation $\otimes$ on molecules. Let us consider the molecule
$a^2 \otimes a^+ \otimes a^- \otimes a^- \otimes a^-$. We would like to view it under an interpretation that
connects each of the three electrons with one of the two nuclei, and that is invariant
not only under all possible computations that can originate from the state, but
also under composition of the molecule to form larger states. Our idea is to
associate an electron to the first incomplete nucleus (ion) that precedes it. In the
present case, for instance, the first electron is associated to the second ion ($a^+$),
while the second and third electrons (the two rightmost in the expression) are
interpreted as electrons released by the leftmost ion $a^2$. A good way to explain
the mechanism is to view ions as open parentheses and electrons as closing
parentheses, where of course an ion opens several parentheses, namely $k$, at
once. Clearly, we are mainly interested in balanced expressions, but unbalanced
expressions must exist, and can always be completed by parallel composition to
yield balanced terms. To complete the picture, consider now that the order in
which atoms, nuclei and electrons of different kinds (i.e., coming from different
places) appear in an expression is not relevant. Hence, the monoidal operation
$\otimes$ had better be commutative in such situations. In other words, we have:

$$a^+ \otimes b^+ \otimes a^- \otimes b^- = a^+ \otimes b^+ \otimes b^- \otimes a^- = a^+ \otimes b \otimes a^- = a^+ \otimes a^- \otimes b = a \otimes b,$$

but we definitely want that $a^+ \otimes a^+ \otimes a^- \neq a^+ \otimes a^- \otimes a^+$, because the particle $a^-$
in the two terms is associated to different nuclei and, therefore, the two states
may give rise to different causal histories when a transition reads that particle.

(9)   $a^+ \otimes a^- = a$                                      (13)  $(p^-)^- = 0$
(10)  $(p^-)^+ = p^-$                                          (14)  $(p^+)^- = p^-$
(11)  $(p \otimes q)^{\chi} = p^{\chi} \otimes q^{\chi}$        (15)  $0^{\chi} = 0$
(12)  $a^{\delta} \otimes b^{\epsilon} = b^{\epsilon} \otimes a^{\delta}$        (16)  $a \otimes a^- = a^- \otimes a$
(l.unit)  $0 \otimes p = p$
(ass)     $p \otimes (q \otimes p') = (p \otimes q) \otimes p'$
(r.unit)  $p \otimes 0 = p$

Fig. 8. Axioms for bimolecules (with $a \neq b \in S$, $\delta, \epsilon \in \mathbb{N} \cup \{-\}$ and $\chi \in \{+, -\}$).

We call bimolecules, ranged over by $p, q, \ldots$, the (generalized) markings of the
algebra illustrated above. It includes a set of axioms almost identical to those in
Figure 4 plus some extra axioms to deal with restricted commutativity. Given a
set $S$, we write $\nu(S)$ for the set of bimolecules on $S$. The complete axiomatization
of bimolecules is shown in Figure 8. Note that law (9), the analogue of (1)
for molecules, on bimolecules applies only when a nucleus is immediately on
the left of an electron, i.e., $a^- \otimes a^+ \neq a$. Furthermore, while law (1) applies to
generic molecules, law (9) deals with a single atom (place) $a$.

The final and key ingredient in our construction is to abandon the symme- 
try of the monoidal categories involved. With a step similar to the one that 
led from strictly symmetric to symmetric categories, we choose (non symmet- 
ric) monoidal categories to which we adjoin exactly and only the symmetries 
we need. In this way, we are able to omit those symmetries that would cause 
migration of electrons from atom to atom. In the following we shall build on a 
construction somehow intermediate between V(N) and Q(N) for pt nets 1 1 2KV2] 
and, therefore, take a non commutative monoid of objects: it is commutative 
only on some objects, in particular on the markings. We use the symbol $\otimes$ for
the monoidal operation and denote the free monoid on the set S by $S^{\otimes}$.

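Definition 11. For $N = (S, T, \partial_0, \partial_1, \varsigma)$ a contextual net, B(N) is the monoidal
category with objects the bimolecules on S, and arrows generated from the rules
in Figure 9 together with the symmetries

$\gamma_{a^{\delta}, b^{\epsilon}} : a^{\delta} \otimes b^{\epsilon} \to b^{\epsilon} \otimes a^{\delta}$, for $a \neq b \in S$ and $\delta, \epsilon \in \mathbb{N} \cup \{-\}$,

$\gamma_{a, a^{-}} : a \otimes a^{-} \to a^{-} \otimes a$,
$\gamma_{a^{-}, a} : a^{-} \otimes a \to a \otimes a^{-}$.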
P^v{S) teT u,veS^ 

idp-.p^p t; c(t)" (g) 9o(f) — t c(f)~ ® 9i(i) M (g) II — ^ n (g) « 

a\p ^ q, p-.q ^ r a\p ^ q, p-.p' ^ q' 

a-,p-.p^r a® p-.p®p' ^ q® q 



Fig. 9. 



or,(0\cr) = {a\P)-,a a, idg=idp; a = a (a; /3) ® (o'; /3') = (a ® «'); (/3 ® /3') 

a ® (/? ® o-) — {a (gi /3) (gi cr a (gi id 0 =idei (S a — a idp 0 q=idp <g> idq 

{a (gi /3); 7,,,'=7p,p'; (/3 (gi a) 7p,,; 7g,p=*<ip ® idq 7p,g®p=(7p,g ® irfp); (id, ® 7p,r) 

Fig. 10. 



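The arrows are taken modulo the axioms of strict monoidal categories in Figure 10
(whenever the $\gamma$'s are defined) and the laws:

$\sigma; t; \sigma' = t$ (17)

$\gamma_{a^{\delta}, b^{\epsilon}} = id_{a^{\delta} \otimes b^{\epsilon}}$, for $a \neq b \in S$ and $\delta, \epsilon \in \mathbb{N} \cup \{-\}$ (18)

$\gamma_{a, a^{-}} = id_{a \otimes a^{-}}$ (19)

$id_{a^{k+}} \otimes t = id_{a^{(k+1)+}} \otimes t \otimes id_{a^{-}}$ (/\)

for all transitions $t: p \to q$, permutations $\sigma: p \to p$, $\sigma': q \to q$, and k > 0.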

Since $\gamma_{a^{-}, a}$ is inverse to $\gamma_{a, a^{-}} = id_{a \otimes a^{-}}$, it follows that $\gamma_{a^{-}, a} = id_{a \otimes a^{-}}$. Note

that we do not introduce symmetries such as 7^^- , j^k a- > and 7^). , for 
k,n > 1, that would allow the particles to flow from a nucleus to a different 
one. For example, starting from a® a~^ = a~^ ® a~ ® a~^ and applying an hypo- 
thetical arrow id^+ ^+, we would reach a~^ ®a~^ ®a~ = a~^ ®a, allowing the 
nuclei to exchange electrons, which is problematic. Another non-example would 
be applying the arrow id^+^^+ 0 7^- to a® a = a~^®a®a~ = a~^ ® a~^ ® a~ ® a~ 

because, after the exchange, the token of the first and second nucleus get con- 
fused. By forcing 7^- to be the identity we would confuse the electrons of two 
different nuclei, because of the naturality axiom, and by leaving it free we would 
allow again for electrons migration. In fact, our representation invariant is that 
the electrons associated to a certain nucleus in a bimolecule q are determined 
by following the discipline of proper nesting of open and closed parentheses. The 
absence of those symmetries maintains this invariant for us. 

Laws CH) and (nsi are classical laws for the V{N) construction; here they 
have a slightly more general role, because they also deal with nuclei and electrons. 
In particular, law (II YU is the analogous of axiom (fF) for pt nets (cf. [El)- 
Law m says that electrons can be freely moved around ‘complete atoms’ of the 
same kind. Law 0 is original and really central to our development. In fact, 
even though the symmetries 7^- are not allowed, we certainly do not want to 
distinguish between electrons of the same nucleus (the first released, the second, 

. . . ), as otherwise we would obtain a notion of computation very concrete and 
far from our target, that is to capture algebraically the notion of contextual 
process. Axiom O takes care of identifying such particles, as the Example 0 
below illustrates. 

Example 2. Let N be the contextual net in Figure 0 Then we have three basic 
arrows in B{N) associated to the transitions of N: 

\> Iq. c ® a ^ c”; 

\> c; 

> t2'C^ 0 . 

Then, new arrows can be built by composing (sequentially and in parallel) these 
three arrows with identities and symmetries. For example, the arrow 
goes from ® c ® a ® c ® b = c ® a ® b to ® c ® c = c. Analogously we 
have the arrow idc^ ® ti ^ to', c ® b ® a ^ c. Then, it is possible to prove that 
these two arrows are identified in B{N). In fact, we have: 

idc 2 ® to ® ^1 = (*dc 2 0 to ® id^-^^)', (idc^ 0 id^- 0 ti) (by functoriality) 

= {id^+ 0 to 0 idb)', {id^+ 0 h) (by law|Z). 

Then, by naturality, we have to 0 idb = 7c-®o &i 0 to); % c“> these sym- 
metries are just identities and therefore to 0 idb can be replaced by idb 0 to in 
the expression above. 

idi;2 0 to 0 ti = {id^+ 0 idb 0 to)', {id^+ 0 ti) 

= {id^ 2 ^^~ 0 idb 0 to); {idc 2 0 ti 0 id^-) (by law El 
= idc 2 0 ti 0 to (by functoriality) 

Notice that, as formalised by the following Definition there is only one con- 
catenable contextual process that starts from a 0 6 0 c and involves exactly one 
firing of to and one firing of ti. By repeatedly applying law 0) we then have, 

e.g.,

idc2 0 to 0 ti = idi,n+^+2 0 ti 0 id^,^~ 0 to 0 id.^,^- 

for all n, m G N. This means that the order in which the electrons are read is 
not important provided that they originated from the same nucleus. 

To establish our representation result we need to refine contextual processes 
in order to be able to concatenate them. As for similar cases in the literature, this 
leads to the introduction of an ordering on the tokens in the source and target 
of the process net, yielding the notion of concatenable contextual processes. 

Definition 12. For N a contextual net, a concatenable contextual process is a
tuple $(\pi, \Theta, \prec_0, \prec_1)$, where $\pi$ is a contextual process with underlying contextual
process net $\Theta$, and $\prec_0$, $\prec_1$ are partial orders on the minimal and maximal places
of $\Theta$, respectively, such that: (1) $x \prec_i y$ implies that $\pi(x) = \pi(y)$; and (2) if
$x \neq y$ are minimal places (respectively maximal places) such that $\pi(x) = \pi(y)$,
then either $x \prec_0 y$ or $y \prec_0 x$ (respectively, $x \prec_1 y$ or $y \prec_1 x$).

As usual, concatenable processes are taken up to isomorphism. The two con-
ditions imposed in the definition above ensure that we order only places of $\Theta$
that are instances of the same place of N, and that on such places the ordering
is total.

As for concatenable processes of pt nets, a partial operation of sequential
composition can be defined. Provided the target of process $\pi$ coincides with the
source of process $\pi'$, it merges the maximal places of $\pi$ with the minimal places
of $\pi'$ according to the orders $\prec_1$ and $\prec'_0$.

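Definition 13. Let $(\pi', \Theta', \prec'_0, \prec'_1)$ and $(\pi'', \Theta'', \prec''_0, \prec''_1)$ be two concatenable
contextual processes of a contextual net N, where $T_{\Theta'} \cap T_{\Theta''} = \emptyset$ and $S_{\Theta'} \cap S_{\Theta''}$
is both the set of maximal places for $\Theta'$ and the set of minimal places for $\Theta''$,
with $\pi'(x) = \pi''(x)$ for any $x \in S_{\Theta'} \cap S_{\Theta''}$, and $x \prec'_1 y$ iff $x \prec''_0 y$ for all
$x, y \in S_{\Theta'} \cap S_{\Theta''}$. Then, their concatenation $(\pi, \Theta' \cup \Theta'', \prec'_0, \prec''_1) = (\pi', \Theta', \prec'_0, \prec'_1); (\pi'', \Theta'', \prec''_0, \prec''_1)$
is well defined, where $\pi$ is the componentwise union of $\pi'$
and $\pi''$ (i.e., $\pi(x) = \pi'(x)$ if $x \in \Theta'$ and $\pi(x) = \pi''(x)$ if $x \in \Theta''$).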

The composition is well defined because by hypothesis we have $\pi'(x) = \pi''(x)$
for all $x \in \Theta' \cap \Theta'' = S_{\Theta'} \cap S_{\Theta''}$, i.e., merged places have the same names.

The parallel composition of two processes consists of taking their disjoint
union and extending the orders on minimal and maximal places by $x \prec_i y$
whenever x belongs to the first process, y to the second, and $\pi(x) = \pi(y)$.

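Definition 14. Let $(\pi', \Theta', \prec'_0, \prec'_1)$ and $(\pi'', \Theta'', \prec''_0, \prec''_1)$ be two concatenable
contextual processes of a contextual net N, where $T_{\Theta'} \cap T_{\Theta''} = \emptyset$ and $S_{\Theta'} \cap S_{\Theta''} = \emptyset$.
Let $S'_0$ and $S''_0$ be the set of minimal places of $\Theta'$ and $\Theta''$, respectively. Like-
wise, let $S'_1$ and $S''_1$ be the set of maximal places of $\Theta'$ and $\Theta''$, respectively. Then,
the parallel composition $(\pi, \Theta' \cup \Theta'', \prec_0, \prec_1) = (\pi', \Theta', \prec'_0, \prec'_1) \otimes (\pi'', \Theta'', \prec''_0, \prec''_1)$
is well defined, where

▷ $\pi$ is the componentwise union of $\pi'$ and $\pi''$; and

▷ $x \prec_i y$ iff $(x, y \in S'_i \wedge x \prec'_i y) \vee (x, y \in S''_i \wedge x \prec''_i y) \vee (x \in S'_i \wedge y \in S''_i \wedge \pi'(x) = \pi''(y))$.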

It can be shown that with these two operations the concatenable contextual
processes of N form the arrows of a strict monoidal category CP(N). Symmetries
can be defined by taking a process that contains just places (no transitions) with
suitable orderings $\prec_0$ and $\prec_1$. Each place is both minimal and maximal. These
symmetries make CP(N) a symmetric monoidal category in $SSMC^{\otimes}$.

Definition 15. A concatenable contextual process is called elementary if it con- 
tains at most one transition. 

Definition 16. Given a contextual net N and a transition $t \in T_N$, the elemen-
tary concatenable contextual process $[t] = (\pi, \Theta, \prec_0, \prec_1)$ associated to t is given
by

▷ $S_\Theta = \{(a, 0, n) \mid a \in \lfloor \partial_0(t) \rfloor, 1 \le n \le \partial_0(t)(a)\} \cup \{(a, 1, n) \mid a \in \lfloor \partial_1(t) \rfloor, 1 \le n \le \partial_1(t)(a)\} \cup \{(a, 2, 1) \mid a \in \lfloor \varsigma(t) \rfloor\}$;

▷ $T_\Theta = \{(t)\}$;

▷ $\partial_0((t)) = \{(a, 0, n) \mid a \in \lfloor \partial_0(t) \rfloor, 1 \le n \le \partial_0(t)(a)\}$;

▷ $\partial_1((t)) = \{(a, 1, n) \mid a \in \lfloor \partial_1(t) \rfloor, 1 \le n \le \partial_1(t)(a)\}$;

▷ $\pi((a, j, n)) = a$ and $\pi((t)) = t$;

▷ $(a, i, k) \prec_0 (b, j, h)$ iff $a = b \wedge i = j = 0 \wedge k < h$;

▷ $(a, i, k) \prec_1 (b, j, h)$ iff $a = b \wedge i = j = 1 \wedge k < h$.

Note that the places in $\{(a, 2, 1) \mid a \in \lfloor \varsigma(t) \rfloor\}$ are both minimal and maximal.
Only the trivial (empty) order is needed on them, because we rely on the basic
assumptions that $\varsigma(t)$ is a set and that $\varsigma(t) \cap \lfloor \partial_0(t) \cup \partial_1(t) \rfloor = \emptyset$, for any $t \in T_N$.

Proposition 3. Each elementary concatenable contextual process $(\pi, \Theta, \prec_0, \prec_1)$
that contains exactly one transition, say x, can be obtained as $\sigma_1; ([\pi(x)] \otimes \sigma_2); \sigma_3$
for suitable elementary concatenable contextual processes $\sigma_1$, $\sigma_2$ and $\sigma_3$ that
contain no transition.

Proposition 4. The concatenable contextual processes of a contextual net N 
can be obtained as the sequential composition of elementary concatenable con- 
textual processes. 

Proof. As for the analogous statement for ordinary pt nets, the proof is by
induction on the number of transitions in the process net (exploiting Proposition 13). ♦

Theorem 2. The category CP(N) is isomorphic (via a symmetric monoidal
functor) to the full subcategory of B(N) whose objects are the elements of $S^{\otimes}$
(which is symmetric).

Before proving the main representation theorem above, we need some tech-
nical lemmata that state useful properties of the arrows in B(N). We start by
extending some of the properties of molecules to the framework of bimolecules.

Lemma 5. For each bimolecule p and each $k \in \mathbb{N}$, we have $(p^{k+})^{-} = p^{-}$.

Proposition 5. For each place a and each $k \in \mathbb{N}$, we have $a^{k+} = a^{(k+1)+} \otimes a^{-}$.

Proof. The proof proceeds by induction on k. For the base case (k = 0) we get
$a = a^{+} \otimes a^{-}$ directly by law (9). For the inductive case, we assume the property
to be valid for k = n and prove it for k = n + 1. Then,

$a^{(n+1)+} = (a^{n+})^{+}$ (by definition)
$= (a^{(n+1)+} \otimes a^{-})^{+}$ (by inductive hypothesis)
$= (a^{(n+1)+})^{+} \otimes (a^{-})^{+}$ (by law 11)
$= a^{(n+2)+} \otimes a^{-}$ (by law 10).

This concludes the proof. ♦

Corollary 3. For each place a and each $k \in \mathbb{N}$, we have $a = a^{k+} \otimes k \cdot a^{-}$.

Lemma 6 . Each bimolecule p can be decomposed as p = pi ®p 2 ®Pn, where 
each Pi has the form kip ■ a~ 0 0 0 ... 0 0 /’"* with Oi ^ aj, for i ^ j. 

Lemma 7. If $p \otimes q \in S^{\otimes}$, then for each $u \in S^{\otimes}$ we have $p \otimes u \otimes q \in S^{\otimes}$.

Proof. It suffices to prove the property for $u \in S$, which can be done via a simple
case analysis, exploiting the representation of p and q provided by Lemma El and
applying law (16). ♦

Note that in the previous lemma, p and q are generic bimolecules and not
necessarily markings; in fact $p \otimes q \in S^{\otimes}$ does not imply that $p \in S^{\otimes} \wedge q \in S^{\otimes}$.
We can now state some invariant and decomposition properties for the arrows
in B(N).

Lemma 8. If $\alpha = id_p \otimes \gamma_{x,y} \otimes id_q$ with $p \otimes x \otimes y \otimes q \in S^{\otimes}$, then $p \otimes y \otimes x \otimes q \in S^{\otimes}$.

Proof. By a simple case analysis: all symmetries are collapsed to identities, ex-
cept when x = y = a for some $a \in S$. ♦

Lemma 9. If $\alpha = id_p \otimes t \otimes id_q$ and $p \otimes \varsigma(t)^{-} \otimes \partial_0(t) \otimes q \in S^{\otimes}$, then $p \otimes \varsigma(t)^{-} \otimes \partial_1(t) \otimes q \in S^{\otimes}$.

Proof. Follows from Lemma 0 ♦ 

Proposition 6. Each $\alpha \in B(N)$ can be decomposed as

$\alpha = \sigma_0; (id_{p_1} \otimes t_1 \otimes id_{q_1}); \sigma_1; (id_{p_2} \otimes t_2 \otimes id_{q_2}); \sigma_2; \ldots; (id_{p_n} \otimes t_n \otimes id_{q_n}); \sigma_n$,

where the $\sigma_i$ are permutations (i.e., sequential and parallel compositions of sym-
metries and identities) and the $t_i$ are transitions.

Proof. By structural induction. The complex case is for a = oi 0 02 for some 
ai:ri — >■ r[ and 02: ''’2 — t ’’ 2 - But then, by functoriality we have a = (oi 0 
idr^)', {idr'^ 0 02 ) and by inductive hypothesis 

ai = (Tg; {idp'^ 0 t'^ 0 a[; {idp<^ 0 4 ® idq’J; a' 2 ; . . . ; 

{idp-^^ 04 , ®idq-^y,a'^,, 

02 = o-g ; {idp'^ 0 t" 0 idq'^)\ tr"; (idp» 0 4 0 td,^'); cr^ ■ • • 1 

^ ^n" ^ 

Then, by functoriality: 

Oi 0 idr^ = (a'g 0 fdrj; {idp>^ 0 t) 0 idq/^^rj', ® idr^); (idp/^ 0 4 ® 

{a '2 0 idrj; . . . ; {idp'^, 0 4' ® idq'^^^r^)', (o’n' ® idr.^), 
idrj 0 02 = (*dr' 0 CTg ); ® t'{ 0 idq’^)', {idp^ 0 ct"); {idr'^^p'^ 0 t'f 0 td,^); 

{idp^ 0 CJ 2 ), . . . , (^4^0p7// ^ 4^' ^ ^dq'^,^ \ {I'dp^ 0 (7^//), 

From which the hypothesis follows trivially - ai = a'i ®idr^, for f = 0, . . . , n' — 1, 
an' = (a'n, 0 idra); {idr'^ 0 (Jg), and an'+i = idp^ 0 a", for i = 1 , . . . , n" . ♦ 
The main law 0) can then be extended to generic arrows whenever we know
that the rightmost electron belongs to the nucleus that precedes the arrow.

Corollary 4. For each $\alpha: p \to q \in B(N)$, $a \in S$ and k > 0 such that $a^{(k+1)+} \otimes p \otimes a^{-} = a^{k+} \otimes p$,
we have $id_{a^{(k+1)+}} \otimes \alpha \otimes id_{a^{-}} = id_{a^{k+}} \otimes \alpha$.

Corollary 5. If $\alpha: u \to q \in B(N)$ with $u \in S^{\otimes}$, then $q \in S^{\otimes}$.

Proof. Consequence of Proposition El and Lemmata El and El ♦ 

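Lemma 10. If $\alpha = id_p \otimes t \otimes id_q \in B(N)$ with t a transition and $p \otimes \varsigma(t)^{-} \otimes \partial_0(t) \otimes q \in S^{\otimes}$,
then $\alpha = \sigma; (id_{\varsigma(t)^{+}} \otimes t \otimes id_u); \sigma'$ for some permutations $\sigma$ and
$\sigma'$ and some marking $u \in S^{\otimes}$.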

Proof. By the decomposition of LemmaEl and by the fact that the source of a is a 
marking, it follows that p — ■ .0 and q — ha-a~ ®h'^-a. 

It follows that each electron a” in c(t)~ belongs to the closest ion on the left of 
the electron (namely, the iath nucleus of type a in p with ia the greatest index 
ini < ia < Ua such that ka^i^ > 0). Moreover, the ha electrons of type a in q can 
be attached to their corresponding nuclei in p, by applying law 0- Therefore 
we have a = idp/ 0 1 0 id^ where p' = — 1) • a 0 a''" 0 (rza — ia) ■ a (if a 

is not read by t then the corresponding argument in the sum is just Ua ■ a), and 
V = ^a&s ^'a ■ Then, by naturality of symmetries, we have: 

a = {idpii 0 ® ® ® ^dyi^y); {idp>, 0 ® 

where p" = ^aesi'^a ~ 1) ■ a (S a~^ and v' = ^aesi''^o- ~ *“) ’ 
symmetries that we have used in the expression are defined since they involve 
the swappings of ‘complete’ tokens with either ‘complete’ tokens, or electrons. 
By naturality we have also: 

idp/' 0 t 0 ldu'(^y ‘^dy'l^y)^ 0 t 0 idy'l l^yl l^y) ^ 

,V" C) idy'0y) 

where v" — ^aesi'^o- ~ 1) ' “• By taking 

a = {idp" 0 ® idy)', (7i>",^(t)®c3o(t) ® idy/^y) 

<7 = (7<;(t)®9i(t),'u" ® idy/^y)\ {idp" 0 'l.;(^t)~0di(t),v' ® idy) 
u = v” (S v' (S V 

we have the thesis. ♦ 

Proposition 7. Each $\alpha: u \to q \in B(N)$ with $u \in S^{\otimes}$ can be decomposed as

$\alpha = \sigma_0; (id_{\varsigma(t_1)^{+}} \otimes t_1 \otimes id_{u_1}); \sigma_1; (id_{\varsigma(t_2)^{+}} \otimes t_2 \otimes id_{u_2}); \sigma_2; \ldots; (id_{\varsigma(t_n)^{+}} \otimes t_n \otimes id_{u_n}); \sigma_n$,

where the $\sigma_i$ are permutations, the $t_i$ are transitions and $u_i \in S^{\otimes}$, for $i = 1, \ldots, n$.

Proof. The proof exploits the decomposition provided by Proposition and then
applies n times the result of Lemma nm ♦

We are now ready to prove the main representation result of this section. 

Proof (of Theorem 2). We start by defining the monoidal functor $G: CP(N) \to B(N)$,
which is the identity on objects. By Proposition El the functor is com-
pletely determined by defining the mapping of elementary processes, since then
$G(\alpha; \beta) = G(\alpha); G(\beta)$ and $G(\alpha \otimes \beta) = G(\alpha) \otimes G(\beta)$. For symmetries, the mapping
is the classical one (see e.g. the elementary process [t] associated to
the transition $t \in T_N$, we let $G([t]) = id_{\varsigma(t)^{+}} \otimes t$. It remains to prove that:

1. G is well defined; 

2. G is full (on the full subcategory of B{N) whose objects are markings); 

3. G is faithful. 

The fact that G is well defined means that different decompositions of the 
same process in terms of elementary processes are mapped to the same arrow. 
This corresponds to show that different orderings of the events in a process 
(7 = (tt, 0, Ao, ^i) that are consistent with the ordering of events /’e yield the 
same arrow in B{N). To see this, it suffices to show that given a decomposition 
of the process cr, and taken any two concurrent events that are executed con- 
secutively according to the order imposed by the fixed decomposition, then the 
decomposition in which the two concurrent events are executed in the reverse 
order is mapped to the same arrow of a. The proof is easy (by functoriality of 
the tensor product) if the two events do not share a context. Otherwise, ax- 
iom must be employed, as we did in Example El Formally, we consider the 
process P — Pi; ([ti] 0 cri);a; {[t 2 ] 0 0 - 2 ); P 2 where cti is the identity process 
on the marking U 2 © i9o(0) © w, cr is the process associated to the permutation 
idu 0 7 iii®ai(ti),ti 2 ® 9 o(* 2 ) ® ^2 is the identity process on the marking 

u\ © 9i(<2) © V, i.e., <j(ti) = u © ui, <^(^ 2 ) = M © U 2 , and the two occurrences 
share the context u (note that while u\ and U 2 are not necessarily disjoint, the 
corresponding sets of tokens read by t\ and O in the process P are disjoint). 
Then, we have also P = P\;a'; ([^ 2 ] 0 cr 2 );cr"; ([ti] 0 a'l); a'" ; P 2 , for suitable 
permutation processes: 

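
▷ $\sigma'$ associated to $id_u \otimes \gamma_{u_1 \oplus \partial_0(t_1),\, u_2 \oplus \partial_0(t_2)} \otimes id_v$,
▷ $\sigma'_2$ idle process associated to $u_1 \oplus \partial_0(t_1) \oplus v$,
▷ $\sigma''$ associated to $id_u \otimes \gamma_{u_2 \oplus \partial_1(t_2),\, u_1 \oplus \partial_0(t_1)} \otimes id_v$,
▷ $\sigma'_1$ idle process associated to $u_2 \oplus \partial_1(t_2) \oplus v$,
▷ $\sigma'''$ associated to $id_u \otimes \gamma_{u_1 \oplus \partial_1(t_1),\, u_2 \oplus \partial_1(t_2)} \otimes id_v$.
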
Hence we want to prove that the two decompositions are mapped to the same 
arrow in B{N). More precisely, we show that 

G(([ti] 0 CTi); cr; ([^ 2 ] 0 0 - 2 )) = G(cr'; ([^ 2 ] 0 cr^); cr"; ([ti] 0 a[);a"'). 

The complete proof is shown in Figure El We briefly comment the critical steps: 
Step we have exploited axiom da and then the fact that symmetries on 
electrons and tokens are identities to transform the second subexpression; 
Step It we have applied the naturality of symmetries to the first and second 
subexpressions - in order to match source and target of ti with the compo- 
nents of the symmetries, observe that ui ® u” = ® u” 0 since u and ui 

are disjoint; 

Step HB" we have used axiom la to transform the second and third subexpres- 
sions; 

Step 1^ - we have applied the functoriality of the tensor product to the second 
and third subexpressions; 

Step 1^ - we have applied the functoriality of the tensor product to the second 
subexpressions to reverse the order in which t 2 and t\ appear in the previous 
expressions; 

Step 1^ ' we have used axiom (ED to reduce the second and third subexpressions; 
Step we have applied the naturality of symmetries twice to expand the third 
subexpression; 

Step we have used axiom and then the fact that symmetries on electrons 
are identities to transform the first, third and fifth subexpressions. 

The fact that G is full follows from Propositions 0 and 0 since $G([t]) = id_{\varsigma(t)^{+}} \otimes t$.

Finally, regarding faithfulness, let $P_0$ and $P_1$ be such that $G(P_0) = G(P_1)$, and
let $\alpha$ be a term representing $G(P_0)$. Observe, by simply inspecting the axioms
that define B(N), that all the possible choices for $\alpha$ have the same number
of transitions. More precisely, exactly the same transitions occur in each term
obtained by rewriting $\alpha$ according to such axioms. Moreover, by definition of G,
these are in one-to-one correspondence with the transitions of $P_0$ and with those
of $P_1$. We can therefore proceed by induction on the number n of transitions
of $\alpha$ (and $P_0$ and $P_1$) to prove that $P_0$ and $P_1$ are isomorphic processes.

The base case, where n equals zero, is obvious, as $\alpha$ is simply a permutation.
For the induction case, let us fix any decomposition of $\alpha$ according to Proposition 0
say

$\alpha = \sigma_0; (id_{\varsigma(t_1)^{+}} \otimes t_1 \otimes id_{u_1}); \sigma_1; (id_{\varsigma(t_2)^{+}} \otimes t_2 \otimes id_{u_2}); \sigma_2; \ldots; (id_{\varsigma(t_n)^{+}} \otimes t_n \otimes id_{u_n}); \sigma_n$.

An argument similar to the one employed to establish the well-definedness of
G, but working in the opposite direction, proves that all the steps needed to
transform $\alpha$ into the normal form selected above can be mimicked both on $P_0$ and
$P_1$. It then follows that $P_i$, for i = 0, 1, can be written as $P_i = P'_i; \sigma_i; ([t_n] \otimes \sigma'_i); \sigma''_i$,
where $G(P'_0) = G(P'_1)$. Then, by induction hypothesis, we can conclude
that $P'_0$ and $P'_1$ are isomorphic processes. It is then easy to prove that so are $P_0$
and $P_1$. ♦

Besides the fact that all the arrows of B{N) have a meaningful computa- 
tional interpretation, a further advantage of the present approach with respect 
G(([ti] (g) (Ji); cr; {[ 12 ] ® (J2)) = 

~ (^^^+0^+ C* tl ® ‘^^ U 2 ® do ( t 2 )® v )\ {idu (g) ^ u 2 ® d \{ t \), U 2 ® dQ { t 2 ) ® 

~ (*^^„+0„+ ® ^1 ® idu 2 ®do{t 2 )®v)'l (*^u+ ® 7 ui®u-®ai(ti),U 2 ®So(t 2 ) ® ) i 

(*^„+®^+ ® ^2 ® frfui®ai(ti)®D) (20) 

= ® 7„,®„-®a„(ti),.2®ao(t2) ® (*^„+®„2®8o(t2)®n+ ® ® 

(*^„+®„+ ® ^2 ® *rfui®ai(ti)®j;) (21) 

~ (*^„+ ® 7ui®i,-®ao(tl),U2®ao(t2) ® ('*^ii2®u+®u-®u2®ao(t2)®1‘l*' ® ®idv), 

(*'^^2®u+ ® ^2 ® 

= (*rf„+ ® 7„!®„-®ao(ti),^2®ao(t2) ® ® I 2 ® id^+ ® ti ® id^)\ (23) 

(*^u+ ® 7uj®u“®ao(tl),U2®ao(t2) ® ^^u)! (**^u2^„+ ® I2 ® ®u\®do{ti)®v^ ' 

(id , + _ +(g)ti(g) id„); (24) 

“ (*'^11+ ® 7 uj®ti-®ao(ti),u 2 ®ao(t 2 ) ® (**^„+|g,„+ ® I2 ® *dui®ao(ti)®u); 

(*d , + (g) ti (g) id„); (25) 

' -uT®u2®ai(t2)®uT 

= (*'^u+ ® 7 „i®t,-®ao(ti),u 2 ®ao(t 2 ) ® (*'^„+0ti+ ® t2 ® *dui®ao(ti)®i;); 

(*d^+ ® 7u2®ai(t2),“l®“"®ao(tl) ® *'^u)i (*‘^„+0„+ ® ® idu2®di(t2)®v)', 

(*rf„+ ® 7„i®^-®ai(ti),u2®ai(t2) ® ( 26 ) 

= (idu ® 7 iii®ao(ti),^A 2 ®ao(t 2 ) idv)\ (^^^^+0^+ ® ® idu^^do(ti)®v)] 

(idu (gJ 7 i^ 2 ®ai (t2),^i®aQ(ti) C' idv^] ®u~^ C' ti C' ^d^i2®ai(t2)®^j)i 

(idu ® 'yu\®d\{t2),u2®d\{t2) ®idv^-! (27) 

= G(cr'; ([t2] ® 0-2); cr"; ([ti] (g) cr()) 

Fig. 11 . The proof of G(([ti] (g) cti); <t; ([t2] (g) CT2)) = G(cr'; ([t2] (g) ctj); ct"; ([ti] (g) cr))). 

to the match-share categories of m is that the arrows of the model category 
corresponding to pure concatenable process can be distinguished just by look- 
ing at their sources and targets, rather than by inspecting their construction. 
And as for the CTph, our proposal is a conservative extension of the ordinary 
concatenable process semantics (cf. § II :z\ and P2EI1). 

Corollary 6. If N is a pt net, then V(N) is a full subcategory of B(N).

Moreover, the present axiomatics of B(N) sensibly improves the construction
presented in 0. In particular, the monoid of objects is here ‘morally’ commuta-
tive, thus making redundant the idea of instances of transitions and the related
axioms P2E1- Moreover, the exact sharing hypothesis has found a mature, satisfactory
formulation in terms of law which, among other things, allowed us
to dispense with the particles a~.

Concluding Remarks and Future Work 

Building on an important suggestion of Meseguer in Ea, we have shown a way 
to extend the algebraic semantics of pt nets proposed in El to contextual nets, 
both in the collective token and the individual token interpretation. The con- 
structions rely on the choice of a non-free monoid of objects, whose elements we 
called molecules and bimolecules. In the case of the collective token philosophy, 
our work extends Meseguer’s by identifying the maximum sharing hypothesis 
as the fundamental law of collective contextual processes. The key to transporting
these ideas to the individual token philosophy was to renounce the symmetry
of the monoidal category, being thus able to select only the symmetries consis-
tent with our computational interpretation in terms of concatenable contextual 
processes. The axioms of exact sharing provided us with a way to regulate the 
interplay between all the different ingredients. 

Although we have worked only at the level of single nets, we believe that 
our approach can be extended to constructions between categories of nets and 
models, with restrictions analogous to those well-known in the literature 

As one of the anonymous referees suggested, it would be interesting to apply 
our algebraic approach to high level Petri nets. In fact, these are often used for 
modeling programming languages where expressions can involve several variables 
read but not modified, so that in the computational analysis of the associated 
nets it would be important to understand the maximum degree of parallelism 
allowed in complex steps. Since the definition of high level nets has algebraic 
foundations, we think that our approach could be extended to that framework, 
but this is outside the scope of the present paper and left for future work. 
Abstract. In many systems, the values of finitely many parameters can 
be influenced in a continuous way by controls acting with possibly vary- 
ing strength over intervals of time. For this, we present general mod- 
els of continuous Petri nets and of continuous transition systems with 
situation-dependent concurrency. With a suitable concept of morphisms, 
we obtain a categorial adjunction between these two models, and often 
even a coreflection. This shows that the concept of regions is also
applicable in this continuous setting. Finally, we prove that our categories
of continuous Petri nets and of continuous automata with concurrency 
have products and conditional coproducts. 

1 Introduction 

Petri nets have been a successful model for analyzing the behaviour of a variety 
of systems. Typically, these are described by finitely many parameters (condi- 
tions) which can be influenced and acted upon in finitely many ways. Whereas 
mostly only discrete values for the parameters and strength of the actions are 
considered, there is also widespread and growing interest in models with con- 
tinuous parameter values or actions taking place over intervals of time instead 
of instantaneously, cf., e.g., 0 for continuous Petri nets with varying maximal 
speeds. Moreover, hybrid models containing both discrete and continuous com- 
ponents have been investigated, see, e.g., [3 for differential Petri nets, or P for 
decidability results on linear hybrid systems. For surveys, many practical exam- 
ples and much research on such continuous and timed Petri nets, we refer the 
reader to m and the present Petri net series. 

It is the first goal of this paper to present a very general model for systems 
where the parameters can take on continuous values and the strength of the 
actions can be continuously distributed over intervals of time, both individually 
and in consort (concurrently). In examples, often there are finitely many con- 
trols which can influence the finitely many parameters of the system in such 
a continuous way, but here we admit also infinitely many parameters and con- 
trols. The static structure of the Petri net itself will be the same as for discrete 
place/transitions systems. The distribution of the strength of a control over an 
interval of time will be given by a control path, for which we admit piecewise con- 
tinuous and even just measurable functions. The total effect of this control path 
on a parameter is obtained by a simple integration process. The whole dynamic 
behaviour of the system, i.e. the continuous change of the markings under the 
influence of control paths, leads to the model of a continuous transition system 
with concurrency. Here we only consider binary concurrency of control paths, 
but we allow auto-concurrency. 

The main goal of this paper is to investigate the relationship between these 
continuous Petri nets and properties of their dynamic behaviour, as given by 
the associated continuous transition system. Indeed, we wish to show that tech- 
niques from the discrete case also apply here. This is the theory of regions, first 
used for describing the relationship between elementary Petri nets and classes of 
transition systems by Ehrenfeucht and Rozenberg mi, Nielsen, Rozenberg and 
Thiagarajan |E|, Badouel and Darondeau P| and Winskel and Nielsen US] and 
for more general nets in Mukund H2| and in |h|ll)j ; for a survey, see ^ . 

Now we give an outline of this paper. First we develop basic results on the 
control paths involved (this requires only very basic integration theory of mea- 
surable functions). Then we present the model of continuous Petri nets, their 
dynamics and the associated automata with concurrency. Concurrency aspects 
will be illustrated by a simple example from engineering. We will define suitable 
morphisms for our continuous Petri nets and continuous automata with concur- 
rency, and we will show that these two categories are related by an adjunction. 
We will characterize the continuous automata arising from given continuous 
Petri nets algebraically, using the concept of regions. We will also show that 
the subcategory of such automata is related to the continuous Petri nets by a 
coreflection. Finally, we use this coreflection result to show that these categories 
have products and conditional coproducts. We close with a comparison of our 
continuous model to related results for discrete Petri nets and automata with 
concurrency relations. 



Acknowledgement. Rae Shortt died on July 11, 1999. I appreciated and miss 
him both as a friend and co-worker. M.D. 



2 Control Paths 

Let E be a non-empty set and let $\ell(E)$ be the linear subspace of $\mathbb{R}^E$ comprising
all vectors whose components form an absolutely summable sequence. If $e \in E$
and $u \in \mathbb{R}^E$, then the e-component of u is denoted (u, e). Thus $\ell(E)$ is the set
of all $u \in \mathbb{R}^E$ such that the norm

$\|u\| = \sum_{e} |(u, e)|$

is finite. We note that in order for this sum to be finite, we must have (u, e) = 0
for all but countably many elements $e \in E$ (since any uncountable sum of strictly
positive reals is infinite).

The space of all bounded real functions on E is denoted $\ell^{\infty}(E)$. Thus $\ell^{\infty}(E)$
is the set of all $u \in \mathbb{R}^E$ such that

$\|u\|_{\infty} = \sup_{e} |(u, e)|$

is finite. Then $\ell(E) \subseteq \ell^{\infty}(E)$. Also, we define the positive cone $\ell^{\infty}_{+}(E) = \{u \in \ell^{\infty}(E) : (u, e) \ge 0 \text{ for all } e \in E\}$
and $\ell_{+}(E) = \ell(E) \cap \ell^{\infty}_{+}(E)$.

We now let $(\cdot, \cdot) : \ell^{\infty}(E) \times \ell(E) \to \mathbb{R}$ be the usual bilinear pairing, that is
$(u, v) = \sum_{e} u(e) \cdot v(e)$. If now $e \in E$, then we define $\bar{e} \in \ell(E)$ to be the function
given by

$\bar{e}(e') = 1$ if $e' = e$, and $\bar{e}(e') = 0$ if $e' \neq e$.

Then, by abuse of notation, we write simply e for both e and $\bar{e}$. Thus, if $u \in \ell^{\infty}(E)$
and $v \in \ell(E)$, then

$(u, v) = \sum_{e} (u, e)\,(v, e)$,

which is consistent with the notation (u, e) introduced above. Hölder’s Inequality
implies that this sum is finite.

Given sets E and E', we see that every function $\eta : E \to E'$ induces a
function $\bar{\eta} : \ell(E) \to \ell(E')$ defined by

$(\bar{\eta}(u), e') = \sum (u, e)$, (1)

where the sum is taken over all $e \in E$ such that $\eta(e) = e'$ and is zero if there is no
such e. It is easy to see that $\bar{\eta}$ is a linear transformation such that $\|\bar{\eta}(u)\| \le \|u\|$
for all $u \in \ell(E)$. If $u \in \ell_{+}(E)$, then $\bar{\eta}(u) \in \ell_{+}(E')$ and $\|\bar{\eta}(u)\| = \|u\|$. Also,
$\bar{\eta}(\bar{e}) = \overline{\eta(e)} \in \ell_{+}(E')$ for any $e \in E$. We also remark that if $\eta' : E' \to E''$ is
another function, then $\overline{\eta' \circ \eta} = \bar{\eta}' \circ \bar{\eta}$, as is easy to check.

We now remark that if $\eta : E \to E'$, $u \in \ell^{\infty}(E')$ and $v \in \ell(E)$, then

$(u, \bar{\eta}(v)) = (u \circ \eta, v)$. (2)
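The induced map of equation (1) and identity (2) can be checked on finitely supported vectors. The following is an added example, not part of the original text; the control names, the maps and all numeric values are constructed for illustration, and vectors are represented as dictionaries from elements to exact rationals.

```python
from collections import defaultdict
from fractions import Fraction as F


def induced_map(eta, u):
    """Equation (1): the e'-component of the image is the sum of (u, e)
    over all e with eta(e) = e' (and 0 when no such e exists)."""
    image = defaultdict(F)
    for e, value in u.items():
        image[eta[e]] += value
    # Keep only non-zero components, so the dict is the support of the image.
    return {e2: value for e2, value in image.items() if value != 0}


def norm(u):
    """The norm on summable vectors: sum of absolute values of components."""
    return sum((abs(value) for value in u.values()), F(0))


def pairing(u, v):
    """Bilinear pairing (u, v) = sum over e of u(e) * v(e); v has finite support."""
    return sum((u.get(e, F(0)) * value for e, value in v.items()), F(0))


def compose_with(eta, u):
    """The bounded function u o eta on E, for u defined on E'."""
    return {e: u.get(e2, F(0)) for e, e2 in eta.items()}


# Constructed sample data (assumption): four controls mapped onto two devices,
# and the two devices mapped onto a single plant.
ETA = {"open_valve": "valve", "close_valve": "valve",
       "heat": "thermo", "cool": "thermo"}
ETA2 = {"valve": "plant", "thermo": "plant"}

V_MIXED = {"open_valve": F(3, 2), "close_valve": F(-1, 2), "heat": F(2)}
V_POSITIVE = {"open_valve": F(3, 2), "close_valve": F(1, 2), "heat": F(2)}
V_CANCEL = {"open_valve": F(1), "close_valve": F(-1)}
U_BOUNDED = {"valve": F(5), "thermo": F(-1)}  # a bounded function on E'


def norm_gap(eta, u):
    """||u|| - ||image of u||: non-negative always, zero on the positive cone."""
    return norm(u) - norm(induced_map(eta, u))


def identity_2_holds(eta, u, v):
    """Identity (2): pairing u with the image of v equals pairing u o eta with v."""
    return pairing(u, induced_map(eta, v)) == pairing(compose_with(eta, u), v)


def functorial(eta, eta2, v):
    """The map induced by eta2 o eta equals the composite of the induced maps."""
    composite = {e: eta2[eta[e]] for e in eta}
    return induced_map(composite, v) == induced_map(eta2, induced_map(eta, v))


if __name__ == "__main__":
    print("image of mixed vector:", induced_map(ETA, V_MIXED))
    print("norm gap (mixed):", norm_gap(ETA, V_MIXED))
    print("norm gap (positive):", norm_gap(ETA, V_POSITIVE))
    print("identity (2):", identity_2_holds(ETA, U_BOUNDED, V_MIXED))
    print("functoriality:", functorial(ETA, ETA2, V_MIXED))
```

The mixed-sign vector loses norm because components of opposite sign that land on the same element cancel; on the positive cone no cancellation is possible, which is why the norm is preserved there.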

For the application we consider, E will represent a set of controls operating 
on a (physical or information-theoretic) system. These controls can be applied 
either singly or in consort, and each control can act with an adjustable intensity: 
thus, if $e_1, e_2, \ldots, e_n$ are elements of $E$, then the linear combination

$$t_1 e_1 + t_2 e_2 + \cdots + t_n e_n \qquad (t_1 \ge 0, \ldots, t_n \ge 0)$$

represents the joint, simultaneous application of the controls $e_1, \ldots, e_n$ with
respective intensities $t_1, \ldots, t_n$. Certain infinite bounded linear combinations of
controls are also allowed: in fact, every element $u \in \ell(E)$ with $\langle u, e\rangle \ge 0$ for all
$e \in E$ corresponds to a particular disposition of the controls, and conversely,
each such "control profile" is represented by a positive function $u \in \ell(E)$.

The state of a system will change with time, and the control profile can
likewise be altered over time. The changing control profiles are given by the
"control paths". A function $c : \mathbb{R} \to \ell(E)$ is a control path if

(i) $c(t) \ge 0$ for $t \ge 0$, and $c(t) = 0$ for $t < 0$;

(ii) the quantity $x(c) = \sup\{t : c(t) \ne 0\}$ is finite;

(iii) there is some $K > 0$ such that $\|c(t)\| \le K$ for all $t \ge 0$;

(iv) the function $c : \mathbb{R} \to \ell_+(E)$ is weakly measurable, i.e. for each $e \in E$, the
real-valued function on $\mathbb{R}$ given by $t \mapsto \langle c(t), e\rangle$ is (Lebesgue) measurable:
all continuous or piecewise continuous functions satisfy this mild condition.

We denote by $C(E)$ the set of all control paths for $E$. It is assumed that each
control path accomplishes its "task" (i.e. its effect upon the system) in a finite
amount of time: thus $c(t) = 0$ for each $t$ outside the interval $[0, x(c)]$ (condition
(ii)) during which $c$ acts. Condition (iii) means that the control profiles $c(t)$
are uniformly bounded for $t \in \mathbb{R}$. If $c : \mathbb{R} \to \ell(E)$ is a control path, then
$w(c) : \mathbb{R} \to \ell(E)$ is the weight function defined by

$$\langle w(c)(t), e\rangle = \int_0^t \langle c(u), e\rangle \, du.$$

Using the boundedness condition (iii) for control paths, we check that

$$\sum_e |\langle w(c)(t), e\rangle| = \sum_e \left| \int_0^t \langle c(u), e\rangle \, du \right| \le \int_0^{x(c)} \|c(u)\| \, du \le K x(c)$$

so that $\|w(c)(t)\| \le K x(c)$ for all $t \ge 0$. The function $w(c)(t)$ measures the cumulative
effect of the control path $c$ over the time interval $[0, t]$. Again, $w(c)(t) \in \ell_+(E)$.
We define the total weight of $c$ to be the vector $W(c) = \lim_{t \to \infty} w(c)(t)$ in $\ell_+(E)$.

The following result on the transformation of control paths will be essential 
for our morphisms both of continuous Petri nets and of continuous automata 
with concurrency. 



Proposition 2.1. Let $\eta : E \to E'$ be a function which is countable-to-one (i.e.
$\eta^{-1}(e')$ is countable for each $e' \in E'$). Let $c \in C(E)$ be a control path for $E$.
Then $\hat\eta \circ c$ is a control path for $E'$, and $w(\hat\eta \circ c) = \hat\eta \circ w(c)$.

Proof. For each $t \ge 0$ and $e' \in E'$, we have, by (1),

$$\langle \hat\eta(c(t)), e'\rangle = \sum \langle c(t), e\rangle,$$

where the sum is taken over all $e \in E$ such that $\eta(e) = e'$. Since $\eta$ is countable-to-one,
this sum is countable. Since $c$ is a control path, each of the functions
$t \mapsto \langle c(t), e\rangle$ is measurable, and therefore so, too, is the function $t \mapsto \langle \hat\eta(c(t)), e'\rangle$.
The other requirements for a control path are easily verified; in particular, we
have $\|\hat\eta(c(t))\| = \|c(t)\| \le K$.

Next we verify the equality $w(\hat\eta \circ c) = \hat\eta \circ w(c)$. For each $e' \in E'$ and $t \ge 0$,
we have

$$\begin{aligned}
\langle w(\hat\eta \circ c)(t), e'\rangle &= \int_0^t \langle \hat\eta(c(s)), e'\rangle \, ds \\
&= \int_0^t \sum \langle c(s), e\rangle \, ds && \text{(formula (1))} \\
&= \sum \int_0^t \langle c(s), e\rangle \, ds && \text{(Beppo-Levi)} \\
&= \langle \hat\eta(w(c)(t)), e'\rangle,
\end{aligned}$$

so that $w(\hat\eta \circ c) = \hat\eta \circ (w(c))$, as asserted. Again we note that since $\eta$ is countable-to-one,
each of the sums is also countable: this allowed the exchange of
summation and integral above. □



Trivially, the requirement that $\eta : E \to E'$ be countable-to-one is satisfied if,
for instance, $E$ is countable. If $c : \mathbb{R} \to \ell(E)$ is a control path and $s \ge 0$, then
$c_s : \mathbb{R} \to \ell(E)$ is the control path defined by $c_s(t) = c(t - s)$. Thus, $c_s$ is the
control path $c$ "delayed" by $s$ units of time. Also, $c^t : \mathbb{R} \to \ell(E)$ is the control
path defined by

$$c^t(u) = \begin{cases} c(u) & \text{for } u \le t \\ 0 & \text{for } u > t; \end{cases}$$

Thus, $c^t$ is the control path $c$ "cut off" after $t$ units of time.

If $c$ and $c'$ are control paths in $C(E)$, then so is their point-wise sum $c + c'$. If
$r > 0$, then $rc$ is again a control path. We see that $C(E)$ is actually the positive
cone of a partially ordered linear space. (We shall not have occasion to use this
fact.)

For each $e \in E$, we define a control path $c^e$ by

$$c^e(t) = \begin{cases} e & \text{if } 0 \le t \le 1 \\ 0 & \text{if } t > 1 \text{ or } t < 0 \end{cases}$$

The control path $c^e$ corresponds to a "pure" application of the control $e$ within
the unit interval $[0, 1]$ with all other controls set at 0. Recalling the identification
of $e$ with $\bar e \in \ell(E)$, we have then

$$w(c^e)(t) = \begin{cases} te & \text{if } 0 \le t \le 1 \\ e & \text{if } t > 1 \end{cases}$$

$$W(c^e) = e.$$

3 Continuous Petri Nets and Concurrency

Classically, a Petri net (PN) is defined as a quadruple $(P, E, F, M_{in})$ such that

1. $P$ and $E$ are disjoint sets;

2. $F = (F_1, F_2)$, where $F_i : P \times E \to \mathbb{N}$ are arbitrary functions ($i = 1, 2$);

3. $M_{in} : P \to \mathbb{N}$ is an arbitrary function.

Graphically, the elements of $P$ and $E$ are pictured as circles and rectangles,
respectively. Each function $M : P \to \mathbb{N}$, called a marking, represents a possible
distribution of tokens or marks on the "places" in $P$: there are $M(p)$-many tokens
on circle $p$. The marking $M_{in}$ gives an initial distribution of tokens. The number
$F_1(p, e)$ [resp. $F_2(p, e)$] indicates the number of tokens taken from [resp. added
to] circle $p$ when the event $e \in E$ occurs.

More precisely, an event $e \in E$ can occur or fire at a marking $M$ and lead
to the marking $M' = Me$, also denoted by $M \xrightarrow{e} M'$, if $M(p) \ge F_1(p, e)$ and
$M'(p) = M(p) - F_1(p, e) + F_2(p, e)$ for each $p \in P$.

Thus, the initial distribution $M_{in}$ of tokens is altered by a sequence of events
$e_1, e_2, \ldots$ drawn from $E$. In this, the discrete, classical model, the quantities
involved are integral, and the evolution of the system sequential.

Usually, in place/transition systems, the letter $T$ is used in place of $E$, which
is employed in condition/event systems. However, here we use the letter $T$ later
for the transitions of an automaton. We turn now to a continuous model of such
nets.

Definition 3.1. A tuple $\mathcal{N} = (P, E, F, M_{in})$ is a continuous Petri net (CPN
for short) if

1. $P$ and $E$ are disjoint, non-empty sets;

2. $F = (F_1, F_2)$, with functions $F_i : P \to \ell^\infty_+(E)$ ($i = 1, 2$); we also write
$F(p) = (F_1(p), F_2(p))$ for all $p \in P$;

3. $M_{in} : P \to \mathbb{R}_+$ is a given non-negative function.

The elements of $P$ represent the various "substances" that the system keeps
track of, e.g. the various chemicals present in an organic cell whose concentrations
collectively describe the state of the cell at a given time. In a classical Petri net,
these are the "conditions" or "places".

The numbers $\langle F_1(p), e\rangle$ [resp. $\langle F_2(p), e\rangle$] represent the amount by which the
substance $p$ is decreased [resp. increased] through action of the control $e$ over a
unit of time. In the cellular model, these are given by concentrations of chemicals
$p$ decreased [resp. increased] through $e$. In the classical Petri net, $\langle F_1(p), e\rangle$ [resp.
$\langle F_2(p), e\rangle$] is the number of tokens to be removed from [resp. added to] the circle
$p$ when "event" $e$ "fires": each $e$ is represented as a rectangle, and the numbers
$\langle F_i(p), e\rangle$ are attached to arrows between circle $p$ and rectangle $e$, cf. Fig. 1.

Fig. 1. Continuous Petri net

If $\mathcal{N}$ is a CPN as above, then a non-negative function $M : P \to \mathbb{R}_+$ is called
a marking of $\mathcal{N}$. Each marking represents a possible state of the system where
the amount of substance $p$ (concentration of chemical $p$, tokens on circle $p$ ...) is
$M(p)$. The function $M_{in}$ is the initial marking, i.e. the initial state of the system.
We let

$$\mathcal{M} = \{M : P \to \mathbb{R} : M(p) \ge 0 \text{ for all } p \in P\}$$

be the set of all markings of $\mathcal{N}$. We now examine how a control path operates
so as to influence and change a marking of the net. For markings $M$ and $M'$ of
$\mathcal{N}$ and a control path $c : \mathbb{R} \to \ell_+(E)$, we write $M \xrightarrow{c} M'$ and also $M' = Mc$ if

(a) for each $t \ge 0$, the function $M_t : P \to \mathbb{R}$ defined by

$$M_t(p) = M(p) - \langle F_1(p), w(c)(t)\rangle + \langle F_2(p), w(c)(t)\rangle \qquad (3)$$

is a marking of $\mathcal{N}$. (We note that this condition need only be checked for
$t \le x(c)$; for $t \ge x(c)$ the function $w(c)(t)$ is constant - the work of $c$
is finished at time $t = x(c)$.) As $c$ operates over time, the marking $M$ is
continually transformed, and $M_t$ is the intermediate marking at time $t$.

(b) $M_t = M' (= Mc)$ for all $t \ge x(c)$. (The marking $M'$ is the end result obtained
by applying the control path $c$ to $M$.)

(c) For each $p \in P$ and $t \ge 0$, there is some $\Delta t > 0$ such that

$$\langle F_1(p), w(c)(t + \Delta t) - w(c)(t)\rangle \le M_t(p). \qquad (4)$$

(If the process governed by $c$ is to begin removal of substance $p$ at time $t$,
then some sufficient quantities of this substance must already be present.
This is similar to the requirement in the discrete case that $F_1(p, e) \le M(p)$
in order that $e$ can fire at marking $M$.)

We say that control paths $c$ and $c'$ are concurrent at a marking $M \in \mathcal{M}$
and write $c \parallel_M c'$ if for each $s \ge 0$, the markings $M(c + c'_s)$ and $M(c_s + c')$
exist. Taking $s \ge x(c)$ [resp. $s \ge x(c')$] then yields the existence of the marking
$Mcc'$ [resp. $Mc'c$]. Linearity of the map $c \mapsto \langle c(t), e\rangle$ then yields the equalities
$Mcc' = Mc'c = M(c + c'_s) = M(c_s + c')$ for all $s \ge 0$.

The existence of $Mcc'$ indicates that the "substances" $p \in P$ are present in
$M$ in sufficient quantity so as to allow the application of $c$ and then are likewise
present in $Mc$ so as to allow subsequent application of $c'$. A similar formulation
applies for $Mc'c$. If $c$ and $c'$ are concurrent at $M$, then both $c$ and $c'$ may be
applied in either order or simultaneously (as in $M(c + c')$) or one applied and
then, after a delay, the other (as in $M(c + c'_s)$ or $M(c_s + c')$), with the same result
in each case. We note that in our formulation, auto-concurrency is allowed: it
can happen that $c \parallel_M c$ for certain control paths $c$.

Given a control $e \in E$, we define a marking $M^e \in \mathcal{M}$, putting $M^e(p) =
\langle F_1(p), e\rangle$. It is easily verified that the marking $M^e c^e$ exists. Thus, each "pure"
control path $c^e$ can operate non-trivially on some state of the system.

It is useful to view the continuous Petri nets from the standpoint of category
theory. We now describe the corresponding morphisms. Let $\mathcal{N} = (P, E, F, M_{in})$
and $\mathcal{N}' = (P', E', F', M'_{in})$ be CPN's. A CPN-morphism from $\mathcal{N}$ to $\mathcal{N}'$ is a pair
$(\pi, \eta)$, where $\pi : P' \to P$ and $\eta : E \to E'$ are functions with $\eta$ countable-to-one
such that $M'_{in} = M_{in} \circ \pi$ and $F'_i(p') \circ \eta = F_i(\pi(p'))$ for all $p' \in P'$ and $i = 1, 2$; i.e.
$\langle F'_i(p'), \eta(e)\rangle = \langle F_i(\pi(p')), e\rangle$ for all $p' \in P'$, $e \in E$ and $i = 1, 2$. By formula (2),
we obtain $\langle F'_i(p'), \hat\eta(v)\rangle = \langle F_i(\pi(p')), v\rangle$ for any $p' \in P'$, $v \in \ell(E)$. (Cf. Fig. 2)

The requirement that $\eta$ be countable-to-one is due to Proposition 2.1, which
will be essential here and later on. The identity morphism on $\mathcal{N}$ is the pair
$(id_P, id_E)$, where, for any set $Z$, $id_Z : Z \to Z$ is the identity function $id_Z(z) = z$
on $Z$.

We note that formally these are precisely the same kind of morphisms as 
defined in irm (and in El) for the classical discrete Petri nets. We will show that 
they are also a suitable concept for continuous Petri nets. 

It is easy to verify the

Proposition 3.2. Continuous Petri nets and their morphisms form a category
in which the composition of two morphisms

$$\mathcal{N} \xrightarrow{(\pi', \eta')} \mathcal{N}' \xrightarrow{(\pi'', \eta'')} \mathcal{N}''$$

is the morphism $\mathcal{N} \xrightarrow{(\pi, \eta)} \mathcal{N}''$, where $\pi = \pi' \circ \pi''$ and $\eta = \eta'' \circ \eta'$.



We let CPN be the category of continuous Petri nets and their morphisms.
Next, we show that these morphisms preserve the dynamic behaviour of continuous
Petri nets.

Proposition 3.3. Let $(\pi, \eta) : \mathcal{N} \to \mathcal{N}'$ be a morphism between CPN's with
$\eta : E \to E'$ countable-to-one. Then

(a) if $M$ is a marking of $\mathcal{N}$, then $M \circ \pi$ is a marking of $\mathcal{N}'$;

(b) if $M$ is a marking of $\mathcal{N}$ and $c \in C(E)$ is such that $M \xrightarrow{c} Mc$, then
$M \circ \pi \xrightarrow{\hat\eta \circ c} (M \circ \pi)(\hat\eta \circ c) = (Mc) \circ \pi$;

(c) if $c \parallel_M c'$ in $\mathcal{N}$, then $\hat\eta \circ c \parallel_{M \circ \pi} \hat\eta \circ c'$ in $\mathcal{N}'$.

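Proof. (a) Trivial.

(b) Note that $\hat\eta \circ c$ is a control path for $\mathcal{N}'$ due to Proposition 2.1. Also,
$w(\hat\eta \circ c) = \hat\eta \circ w(c)$. Now consider the function $(M \circ \pi)_t : P' \to \mathbb{R}$ whose value
at $p' \in P'$ is

$$\begin{aligned}
(M \circ \pi)_t(p') &= M(\pi(p')) - \langle F'_1(p'), w(\hat\eta \circ c)(t)\rangle + \langle F'_2(p'), w(\hat\eta \circ c)(t)\rangle \\
&= M(\pi(p')) - \langle F'_1(p'), \hat\eta(w(c)(t))\rangle + \langle F'_2(p'), \hat\eta(w(c)(t))\rangle \\
&= M(\pi(p')) - \langle F_1(\pi(p')), w(c)(t)\rangle + \langle F_2(\pi(p')), w(c)(t)\rangle \\
&= M_t(\pi(p'));
\end{aligned}$$

we have proved that $(M \circ \pi)_t = M_t \circ \pi$, so that $(M \circ \pi)_t$ is a marking of $\mathcal{N}'$ for
each $t \ge 0$. Taking $t \ge x(c)$, we obtain $(M \circ \pi)(\hat\eta \circ c) = (Mc) \circ \pi$.

It remains for us to check that for each $t \in \mathbb{R}$, $p' \in P'$ and $\Delta t > 0$,

$$\begin{aligned}
\langle F'_1(p'), w(\hat\eta \circ c)(t + \Delta t) - w(\hat\eta \circ c)(t)\rangle
&= \langle F'_1(p'), \hat\eta(w(c)(t + \Delta t) - w(c)(t))\rangle \\
&= \langle F_1(\pi(p')), w(c)(t + \Delta t) - w(c)(t)\rangle;
\end{aligned}$$

since $M \xrightarrow{c} Mc$, we have that there exists some $\Delta t > 0$ so that this quantity is
at most $M_t(\pi(p')) = (M \circ \pi)_t(p')$, as required.

(c) Suppose that $M$ is a marking for $\mathcal{N}$ and that $c$ and $c'$ are control paths of
$\mathcal{N}$ such that $c \parallel_M c'$. Using parts (a) and (b) already established, we note the
existence of the markings

$$(M \circ \pi)(\hat\eta \circ (c + c'_s)) = (M \circ \pi)((\hat\eta \circ c) + (\hat\eta \circ c'_s))$$

$$(M \circ \pi)(\hat\eta \circ (c_s + c')) = (M \circ \pi)((\hat\eta \circ c_s) + (\hat\eta \circ c'))$$

for all $s \ge 0$.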

□

We now consider the connection between transitions $M \xrightarrow{e} M'$ for markings
in a classical Petri net and the control path transitions $M \xrightarrow{c} M'$ described
above. To each transition event $e$ we associate the "pure" control path $c^e$ defined
in section 2. Then for $0 \le t \le 1$, we have

$$\begin{aligned}
M_t(p) &= M(p) - \langle F_1(p), w(c^e)(t)\rangle + \langle F_2(p), w(c^e)(t)\rangle \\
&= M(p) - \langle F_1(p), te\rangle + \langle F_2(p), te\rangle \\
&= M(p) - t\langle F_1(p), e\rangle + t\langle F_2(p), e\rangle;
\end{aligned}$$

putting $t \ge 1$ yields $M_t(p) = M'(p)$, as in the classical case. Since $M \xrightarrow{e} M'$ in
the classical net, we have $\langle F_1(p), e\rangle \le M(p)$; it follows that for $\Delta t = 1 - t > 0$,
we have

$$\begin{aligned}
\langle F_1(p), w(c^e)(t + \Delta t) - w(c^e)(t)\rangle
&= \Delta t \langle F_1(p), e\rangle = \langle F_1(p), e\rangle - t\langle F_1(p), e\rangle \\
&\le M(p) - t\langle F_1(p), e\rangle \le M_t(p),
\end{aligned}$$

this yields $M \xrightarrow{c^e} Mc^e = M'$.

In this way, we see how classical Petri net transitions can be modelled by
CPN transitions $M \xrightarrow{c} M'$. The latter transitions have the advantage that the
quantities $M_t(p)$ are always continuous functions of $t$. After executing them for
one unit of time, we have obtained the same marking as in the classical discrete
case. We will come back to this in the conclusion.
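The correspondence just derived, as an added Python example (not from the original chapter): for piecewise-constant control paths on a finite event set it computes $w(c)(t)$ and the intermediate markings of formula (3), decides whether $Mc$ exists from conditions (a) and (c), and compares the pure path $c^e$ with classical firing. The two small nets, all names, and the shortcut of checking only at segment starts and at $x(c)$ (valid because $M_t$ is piecewise linear for such paths) are assumptions of the example.

```python
from fractions import Fraction as Fr

# A control path is a list of consecutive (duration, profile) segments starting
# at time 0; profile maps event -> intensity >= 0. Piecewise-constant paths on
# a finite event set are an assumption of this example, not of the chapter.

def weight(path, t):
    """w(c)(t): the integral of c over [0, t], one component per event."""
    w, start = {}, Fr(0)
    for duration, profile in path:
        overlap = max(Fr(0), min(Fr(t), start + duration) - start)
        for e, rate in profile.items():
            w[e] = w.get(e, Fr(0)) + overlap * rate
        start += duration
    return w

def pairing(u, v):
    """<u, v> = sum over e of <u, e><v, e>, for finitely supported v."""
    return sum(u.get(e, 0) * x for e, x in v.items())

def marking_at(F1, F2, M, path, t):
    """Intermediate marking M_t of formula (3)."""
    w = weight(path, t)
    return {p: M[p] - pairing(F1[p], w) + pairing(F2[p], w) for p in M}

def apply_path(F1, F2, M, path):
    """Return the marking Mc if it exists, otherwise None.

    (a) M_t >= 0: M_t is piecewise linear, so breakpoints suffice.
    (c) some dt > 0 with <F1(p), w(t+dt) - w(t)> <= M_t(p): automatic when
        M_t(p) > 0; when M_t(p) = 0 the path must not be consuming p just
        after t, i.e. the consumption rate of the segment starting at t is 0.
    """
    start = Fr(0)
    for duration, profile in path:
        Mt = marking_at(F1, F2, M, path, start)
        for p in M:
            if Mt[p] < 0:
                return None                      # violates (a)
            if Mt[p] == 0 and pairing(F1[p], profile) > 0:
                return None                      # violates (c)
        start += duration
    final = marking_at(F1, F2, M, path, start)   # t = x(c): condition (b)
    return final if all(v >= 0 for v in final.values()) else None

def classical_fire(F1, F2, M, e):
    """Discrete rule: e fires iff M(p) >= F1(p, e) for every place p."""
    if any(M[p] < F1[p].get(e, 0) for p in M):
        return None
    return {p: M[p] - F1[p].get(e, 0) + F2[p].get(e, 0) for p in M}

def pure(e):
    """The pure control path c^e: control e at intensity 1 on [0, 1]."""
    return [(Fr(1), {e: Fr(1)})]

# Constructed sample net: event a moves two tokens of p into one of q,
# event b consumes one token of q.
F1 = {"p": {"a": 2}, "q": {"b": 1}}
F2 = {"p": {}, "q": {"a": 1}}
M0 = {"p": 2, "q": 0}

# Constructed self-loop: s takes one token from r and puts one back.
LOOP_F1 = {"r": {"s": 1}}
LOOP_F2 = {"r": {"s": 1}}

A_THEN_B = [(Fr(1), {"a": Fr(1)}), (Fr(1), {"b": Fr(1)})]   # c^a + (c^b)_1
A_WITH_B = [(Fr(1), {"a": Fr(1), "b": Fr(1)})]              # c^a + c^b

if __name__ == "__main__":
    print("classical a :", classical_fire(F1, F2, M0, "a"))
    print("M_t, t=1/2  :", marking_at(F1, F2, M0, pure("a"), Fr(1, 2)))
    print("continuous a:", apply_path(F1, F2, M0, pure("a")))
    print("continuous b:", apply_path(F1, F2, M0, pure("b")))
    print("empty loop  :", apply_path(LOOP_F1, LOOP_F2, {"r": 0}, pure("s")))
    print("a then b    :", apply_path(F1, F2, M0, A_THEN_B))
    print("a with b    :", apply_path(F1, F2, M0, A_WITH_B))
```

In the self-loop net the intermediate marking stays at 0 for all $t$, so condition (a) alone would accept the path; it is condition (c) that rejects it, matching the classical rule. The last two calls show that delaying $c^b$ by one time unit is admissible at this marking while full overlap is not, so $c^a$ and $c^b$ are not concurrent there.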

Other kinds of Petri nets can also be expressed using CPN's. This is in particular
the case for so-called "timed Petri nets". These come in several varieties.
Each models a system in which there is a certain delay between the start and
completion. We consider two types (see 0, p. 189).

1. P-timed nets: Here, a timing delay $d_p$ is assigned to each "place" $p \in P$: classically
said, a "token must remain at $p$ for time $d_p$ before it can be moved".
A continuous formulation of this is obtained by replacing the formula (3)
with

$$M_t(p) = M(p) - \langle F_1(p), w(c)(t - d_p)\rangle + \langle F_2(p), w(c)(t)\rangle.$$

2. T-timed nets: In this model, a time lag $d_e$ is given to each "event" $e \in E$.
When $e$ is called upon to act, $d_e$ units of time must pass before $e$ begins to
take effect. In a CPN, this feature can be included by restricting attention
to those control paths $c$ such that $\langle c(t), e\rangle = 0$ for $0 \le t \le d_e$ and $e \in E$
or by replacing each control path $c \in C(E)$ with $\bar c$ defined by $\langle \bar c(t), e\rangle =
\langle c(t - d_e), e\rangle$ for all $e \in E$.

4 Continuous Automata with Concurrency; 
the Functors an and na 

After a brief discussion of classical automata, we introduce the notion of a
continuous automaton with concurrency (CAC) as an abstract, time-sensitive
transition system. Each CPN is seen to give rise to a corresponding CAC via the
functor na; we then give a functor an that synthesizes a concrete CPN for each
given abstract CAC.

Following |H|, we define an automaton with concurrency as a tuple
$\mathcal{A} = (S, E, T, s_0, \parallel)$, where

1. $S$ is an arbitrary set containing a distinguished element $s_0$. (The elements
of $S$ are the states of the system; $s_0$ is the start state); $E$ is a non-empty set
disjoint from $S$;

2. $T$ is a subset of $S \times E \times S$ forming a partially defined function $S \times E \to S$, i.e. if
$(s, e, s') \in T$ and $(s, e, s'') \in T$ then always $s' = s''$; an element $(s, e, s') \in T$
is called a transition; we write $s \xrightarrow{e} s'$;

3. $\parallel = (\parallel_s)_{s \in S}$ is a family of symmetric binary relations on $E$ such that if $e_1 \parallel_s e_2$,
then there are states $s', s'', s''' \in S$ so that $(s, e_1, s')$, $(s, e_2, s'')$, $(s', e_2, s''')$,
and $(s'', e_1, s''')$ are transitions in $T$: thus, from state $s$, state $s'''$ can be
reached by successive application of $e_1$ and $e_2$ in either order $e_1 e_2$ or $e_2 e_1$.
(Here we do not require the relations $\parallel_s$ to be irreflexive; that is, we allow
autoconcurrency.)

Next, we introduce a continuous model of such automata. In these, the ac- 
tions can act continuously over intervals of time to transform the states. This is 
modelled using control paths. 

Definition 4.1. A continuous automaton with concurrency (CAC for short) is
a tuple $\mathcal{A} = (S, E, T, s_0, \parallel)$, where

1. $S$ is a set containing a distinguished element $s_0$. (The elements of $S$ are the
states of the automaton; $s_0$ is the start state); $E$ is a set disjoint from $S$;

2. $T$ is a function defined on a subset of $S \times \mathbb{R}_+ \times C(E)$ taking values in $S$ and
such that

(i) if $c, c' \in C(E)$, $s \in S$, and $t, t' \in \mathbb{R}_+$ are such that $s' = T(s, t, c)$ and
$s'' = T(s', t', c')$ exist, then $s'' = T(s, t + t', c^t + c'_t)$;

(ii) if $T(s, t, c)$ exists, then so does $T(s, u, c)$ for $0 \le u \le t$;

(iii) if $T(s, t, c)$ exists, then $T(s, t, c) = T(s, t, c')$ whenever $c'$ is a control path
such that $c'(u) = c(u)$ for all $u \le t$;

(iv) $T(s, 0, c) = s$ for all $s \in S$ and $c \in C(E)$;

3. $\parallel = (\parallel_s)_{s \in S}$ is a family of symmetric binary relations $\parallel_s$ on $C(E)$; it is required
that whenever $c \parallel_s c'$, then, for all $t, u \ge 0$, we have that

$$T(s, t, c + c'_u) \quad \text{and} \quad T(s, t, c_u + c')$$

exist; we note that putting $u = 0$ yields the existence of $T(s, t, c + c')$.

Here, the existence of $T(s, t, c)$ means that in state $s$ we can execute the
control path $c$ over a length of time $t$. Clearly, we can then execute $c$ for any
shorter time $u \le t$ (condition 2(ii)) and the state we obtain depends only
on the values of $c(u)$ for $u \in [0, t]$ (condition 2(iii)). If $t = 0$, we remain in
the same state (condition 2(iv)). If, furthermore, in state $T(s, t, c)$, we can
execute another control path $c'$ for a duration $t'$, then we can also execute in
state $s$ the control path $c^t + c'_t$, which consists of $c$ cut off after $t$ units of time
and $c'$ delayed by $t$ units of time, for the total duration $t + t'$, obtaining the
same result; this is condition 2(i). Two control paths $c, c'$ can be executed
concurrently at state $s$, if we can execute them one after the other (in any order)
or simultaneously with partial overlap; cf. condition 3.

We now illustrate the idea of a continuous automaton and the concept of
concurrency in such structures with an example. We are thankful to Oksana
Arnold for providing us with this example (see Fig. 3).





Fig. 3. Heated tanks 



Consider two air-tight tanks K1 and K2, each of which is partly filled with
fluid. The tanks are connected by a pipe with a valve V1. Tank K1 has an additional
valve V2 as depicted in Figure 3. The vapor pressure in K2 is greater than
in K1. The collection $S$ of states of this system comprises all tuples $(p_1, p_2, v_1, v_2)$,
where $p_1$ and $p_2$ are the vapor pressures in K1 and K2, respectively, and $v_1$
[resp. $v_2$] is 0 or 1 according as valve V1 [resp. V2] is fully open or completely
closed. We consider two controls or "events" $a$ and $b$ in $E$. Control $a$ serves to
heat tank K1: when V1 and V2 are closed vapor pressure $p_1$ rises to a very high
level $q > p_2$. Control $b$ opens V1 for a time, then closes it.

Let $s_1 = (p_1, p_2, 1, 1)$ and $s_2 = (p_1, p_2, 1, 0)$ be states of the system with
$p_1 < p_2$. In $s_1$, both valves are closed; in $s_2$, valve V1 is closed but V2 is
open. We assume that $p_1$ is the ambient atmospheric pressure. In state $s_1$, the
sequential actions $ab$ and $ba$ affect the system differently. We have

$$s_1 \xrightarrow{a} (q, p_2, 1, 1) \xrightarrow{b} (r, r, 1, 1)$$

with $p_2 < r < q$, and

with $p_1 < u < p_2$ and $u < u'$. However, starting from state $s_2$, the end results
for $ab$ and $ba$ are the same. We have

$$s_2 \xrightarrow{a} (p_1, p_2, 1, 0) \xrightarrow{b} (p_1, p_1, 1, 0),$$

$$s_2 \xrightarrow{b} (p_1, p_1, 1, 0) \xrightarrow{a} (p_1, p_1, 1, 0).$$

We are thus justified in calling $a$ and $b$ concurrent in state $s_2$ ($a \parallel_{s_2} b$) but not in
state $s_1$.



We now define the concept of a morphism of continuous automata. Let $\mathcal{A} =
(S, E, T, s_0, \parallel)$ and $\mathcal{A}' = (S', E', T', s'_0, \parallel')$ be two CAC's. A morphism from $\mathcal{A}$
to $\mathcal{A}'$ is a pair $(\sigma, \eta)$ of functions $\sigma : S \to S'$, $\eta : E \to E'$ such that $\eta$ is
countable-to-one and the following hold:

1. if $T(s, t, c)$ is defined, then so is $T'(\sigma(s), t, \hat\eta \circ c)$, and
$\sigma(T(s, t, c)) = T'(\sigma(s), t, \hat\eta \circ c)$;

2. $\sigma(s_0) = s'_0$;

3. $c \parallel_s c'$ in $\mathcal{A}$ implies that $\hat\eta \circ c \parallel'_{\sigma(s)} \hat\eta \circ c'$ in $\mathcal{A}'$.

Again, we require that $\eta$ be countable-to-one in order that $\hat\eta \circ c$ is a control
path for any $c \in C(E)$. This concept of morphism is quite natural from universal
algebra considerations: morphisms should preserve the structure of the underlying
automaton (transitions, concurrency) and the initial state. The identity
morphism on $\mathcal{A}$ is the pair $(id_S, id_E)$.

Proposition 4.2. The class of all CAC's and their morphisms form a category
CAC, where the composition of two morphisms $\mathcal{A} \xrightarrow{(\sigma', \eta')} \mathcal{A}' \xrightarrow{(\sigma'', \eta'')} \mathcal{A}''$ is
$\mathcal{A} \xrightarrow{(\sigma, \eta)} \mathcal{A}''$, with $\sigma = \sigma'' \circ \sigma'$ and $\eta = \eta'' \circ \eta'$.



Next we indicate how each continuous Petri net gives rise to an abstract tran- 
sition system, i.e. an automaton in which the notion of concurrency is present. 
We then show how to associate a continuous Petri net with each such abstract 
automaton. 

We first construct a functor na from CPN to CAC. Let $\mathcal{N} = (P, E, F, M_{in})$
be a continuous Petri net. We define a corresponding CAC $na(\mathcal{N}) =
(\mathcal{M}, E, T, M_{in}, \parallel)$ as follows:

1. $\mathcal{M} = \{M : P \to \mathbb{R}_+ : M(p) \ge 0 \text{ for all } p \in P\}$ is the set of all markings of
$\mathcal{N}$, now to be understood as the states of $na(\mathcal{N})$;

2. the event set $E$ is the same as in $\mathcal{N}$;

3. $T(M, t, c)$ is defined just in case $Mc^t$ exists, and then $T(M, t, c) = Mc^t$;

4. $s_0 = M_{in}$, the initial marking of $\mathcal{N}$;

5. $c \parallel_M c'$ is as previously defined.



The following result is readily verified using the definitions of section 3.

Lemma 4.3. If $\mathcal{N}$ is a CPN, then the system $na(\mathcal{N})$ defined above is a CAC.

Let $\mathcal{N}$ and $\mathcal{N}'$ be CPN's and let $(\pi, \eta)$ be a morphism from $\mathcal{N}$ to $\mathcal{N}'$. Let
$na(\mathcal{N})$ and $na(\mathcal{N}')$ be the corresponding CAC's with state sets $\mathcal{M}$ and $\mathcal{M}'$,
respectively. We define a function $\sigma : \mathcal{M} \to \mathcal{M}'$ by $\sigma(M) = M \circ \pi$, which
is, by Proposition 3.3, a marking of $\mathcal{N}'$. The same proposition guarantees that
$na(\pi, \eta) = (\sigma, \eta)$ is a morphism from $na(\mathcal{N})$ to $na(\mathcal{N}')$. Clearly, na respects
composition of morphisms and identities. Thus we have

Proposition 4.4. The correspondence na is a functor from CPN to CAC.

We now define a functor an from CAC to CPN. We note that if $\mathcal{N}$ is a CPN,
then each condition $p \in P$ induces a real function $M \mapsto M(p)$ from $\mathcal{M}$ to $\mathbb{R}_+$,
where $\mathcal{M}$ is the set of markings of $\mathcal{N}$. Also, $p$ induces the pair $(F_1(p), F_2(p))$
in $\ell^\infty_+(E) \times \ell^\infty_+(E)$. Essential properties of these induced functions motivate our
definition of the set of places of $\mathcal{A}$.

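Construction 4.5. Let $\mathcal{A} = (S, E, T, s_0, \parallel)$ be a CAC. We build a CPN $an(\mathcal{A})
= (P, E, F, M_{in})$ derived from $\mathcal{A}$. The elements of $P$ (the places) are pairs $\varphi =
(\varphi_S, \varphi_E)$, where $\varphi_S : S \to \mathbb{R}_+$ is a function, and $\varphi_E = ((\varphi_E)_1, (\varphi_E)_2)$ is a pair
in $\ell^\infty_+(E) \times \ell^\infty_+(E)$. In order for $\varphi$ to be a place, the functions $\varphi_S$, $(\varphi_E)_1$, $(\varphi_E)_2$
must satisfy the following hypotheses:

If $T(s, t, c)$ exists for some $(s, t, c) \in S \times \mathbb{R}_+ \times C(E)$, then

(I) $\varphi_S(T(s, t, c)) = \varphi_S(s) - \langle (\varphi_E)_1, w(c)(t)\rangle + \langle (\varphi_E)_2, w(c)(t)\rangle$

and, for each $u \le t$, there is some $\Delta u > 0$ such that

(II) $\langle (\varphi_E)_1, w(c)(u + \Delta u) - w(c)(u)\rangle \le \varphi_S(T(s, u, c))$.

We define $P = \{\varphi : \varphi \text{ is a place of } \mathcal{A}\}$.

The construction of $an(\mathcal{A})$ continues with the definitions of $F = (F_1, F_2)$ and
$M_{in} : P \to \mathbb{R}_+$:

$$F_i(\varphi) = (\varphi_E)_i \qquad (i = 1, 2)$$

and $M_{in} = M_{s_0}$, where $M_s(\varphi) = \varphi_S(s)$ for $s \in S$ and $\varphi \in P$.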



Lemma 4.6. The structure $an(\mathcal{A}) = (P, E, F, M_{in})$ is a CPN.

We now note that if $\mathcal{A} = na(\mathcal{N})$ is the automaton associated with a CPN $\mathcal{N}$
as previously defined, then places of $\mathcal{A}$ exist in abundance. For each $p \in P$, we
define a pair $|p| = (|p|_{\mathcal{M}}, |p|_E)$, the extent of $p$, where $|p|_{\mathcal{M}} : \mathcal{M} \to \mathbb{R}_+$ is the
evaluation map $|p|_{\mathcal{M}}(M) = M(p)$, and $|p|_E = (F_1(p), F_2(p)) \in \ell^\infty_+(E) \times \ell^\infty_+(E)$.

Lemma 4.7. With $\mathcal{N}$ as above and $p \in P$, the extent $|p|$ is a place of the CAC
$na(\mathcal{N})$ according to Construction 4.5.



Proof. Routine.

We proceed with the definition of the functor an. Let $\mathcal{A} = (S, E, T, s_0, \parallel)$
and $\mathcal{A}' = (S', E', T', s'_0, \parallel')$ be CAC's and let $(\sigma, \eta)$ be a morphism from $\mathcal{A}$
to $\mathcal{A}'$. Consider the associated CPN's $an(\mathcal{A}) = (P, E, F, M_{in})$ and $an(\mathcal{A}') =
(P', E', F', M'_{in})$. We define a pair $an(\sigma, \eta) = (\pi, \eta)$ with $\pi : P' \to P$ the function
defined by $\pi(\varphi') = (\pi(\varphi')_S, \pi(\varphi')_E)$, where $\pi(\varphi')_S : S \to \mathbb{R}_+$ is given by

$$\pi(\varphi')_S = \varphi'_{S'} \circ \sigma, \quad \text{and} \quad \pi(\varphi')_E = ((\varphi'_{E'})_1 \circ \eta, (\varphi'_{E'})_2 \circ \eta).$$

Lemma 4.8. (a) For each $\varphi' \in P'$, the pair $\pi(\varphi') = (\pi(\varphi')_S, \pi(\varphi')_E)$ defined
above is a place of $\mathcal{A}$.

(b) The pair $(\pi, \eta) = an(\sigma, \eta)$ is a CPN-morphism from $an(\mathcal{A})$ to $an(\mathcal{A}')$.

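Proof. (a) Assume that $T(s, t, c)$ is defined. Then

$$\begin{aligned}
\pi(\varphi')_S(T(s, t, c)) &= \varphi'_{S'}(\sigma(T(s, t, c))) \\
&= \varphi'_{S'}(T'(\sigma(s), t, \hat\eta \circ c)) \\
&= \varphi'_{S'}(\sigma(s)) - \langle (\varphi'_{E'})_1, w(\hat\eta \circ c)(t)\rangle + \langle (\varphi'_{E'})_2, w(\hat\eta \circ c)(t)\rangle \\
&= \pi(\varphi')_S(s) - \langle (\varphi'_{E'})_1 \circ \eta, w(c)(t)\rangle + \langle (\varphi'_{E'})_2 \circ \eta, w(c)(t)\rangle
\end{aligned}$$

as required for equation (I). We then have (for each $u \le t$ and $\Delta u > 0$)

$$\begin{aligned}
\pi(\varphi')_S(T(s, u, c)) &= \varphi'_{S'}(\sigma(T(s, u, c))) \\
&= \varphi'_{S'}(T'(\sigma(s), u, \hat\eta \circ c)).
\end{aligned}$$

Since $\varphi'$ is a place, and $T'(\sigma(s), t, \hat\eta \circ c)$ is defined, there is some $\Delta u > 0$ such
that the above quantity is at least

$$\langle (\varphi'_{E'})_1, w(\hat\eta \circ c)(u + \Delta u) - w(\hat\eta \circ c)(u)\rangle = \langle (\varphi'_{E'})_1 \circ \eta, w(c)(u + \Delta u) - w(c)(u)\rangle$$

as required for (II).

(b) By (a), $\pi$ is well-defined. Next, we note that for every $s \in S$ and $\varphi' \in P'$,
$M_s(\pi(\varphi')) = \pi(\varphi')_S(s) = \varphi'_{S'}(\sigma(s)) = M'_{\sigma(s)}(\varphi')$, so that $M'_{\sigma(s)} = M_s \circ \pi$. In
particular, $M'_{in} = M'_{s'_0} = M'_{\sigma(s_0)} = M_{s_0} \circ \pi = M_{in} \circ \pi$, as required. Now suppose
that $\varphi' \in P'$ and $e \in E$. For $i = 1, 2$ we have

$$\begin{aligned}
\langle F'_i(\varphi'), \eta(e)\rangle &= \langle (\varphi'_{E'})_i, \eta(e)\rangle && \text{(def. } F'\text{)} \\
&= \langle (\varphi'_{E'})_i \circ \eta, e\rangle \\
&= \langle (\pi(\varphi')_E)_i, e\rangle && \text{(def. } \pi\text{)} \\
&= \langle F_i(\pi(\varphi')), e\rangle && \text{(def. } F\text{).}
\end{aligned}$$

□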



We summarize these results in the 

Lemma 4.9. The correspondence an is a functor from CAC to CPN . 

The lemma is simple: we note that an preserves identities and compositions.

5 An Adjunction

In this section, we will show that the functor $an : \mathrm{CAC} \to \mathrm{CPN}$ actually is an
adjunction with left adjoint na.

Let $\mathcal{A} = (S, E, T, s_0, \parallel)$ be a CAC and let $an(\mathcal{A}) = (P, E, F, M_{in})$ be the
corresponding continuous Petri net. Then let $na(an(\mathcal{A})) = (\mathcal{M}, E, T', s'_0, \parallel')$ be
the associated CAC. We define a function $\sigma_0 : S \to \mathcal{M}$ by $\sigma_0(s) = M_s$. (Recall
that $M_s(\varphi) = \varphi_S(s)$ for all places $\varphi \in P$.) Let $id_E : E \to E$ be the identity
function $id_E(e) = e$.

Lemma 5.1. The pair $(\sigma_0, id_E)$ is a CAC morphism from $\mathcal{A}$ to $na(an(\mathcal{A}))$.

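Proof. Suppose that $T(s, t, c)$ is defined. Then $\sigma_0(s) = M_s$ is non-negative and
hence is a marking. We now assert the existence of $T'(\sigma_0(s), t, c) = T'(M_s, t, c)$.
This is equivalent to the existence of $(M_s)c^t$, where

$$c^t(u) = \begin{cases} c(u) & \text{for } u \le t \\ 0 & \text{for } u > t. \end{cases}$$

For all places $\varphi \in P$, all $0 \le u \le t$ and some $\Delta u > 0$, we have

$$\begin{aligned}
\langle F_1(\varphi), w(c)(u + \Delta u) - w(c)(u)\rangle
&= \langle (\varphi_E)_1, w(c)(u + \Delta u) - w(c)(u)\rangle && \text{(def } F_1\text{)} \\
&\le \varphi_S(T(s, u, c)) && \text{(place)} \\
&= \varphi_S(s) - \langle (\varphi_E)_1, w(c)(u)\rangle + \langle (\varphi_E)_2, w(c)(u)\rangle && \text{(place)} \\
&= M_s(\varphi) - \langle F_1(\varphi), w(c)(u)\rangle + \langle F_2(\varphi), w(c)(u)\rangle \\
&= (M_s c)_u(\varphi),
\end{aligned}$$

so that $M_s c^t$ exists. If $s' = T(s, t, c)$, then

$$\sigma_0(T(s, t, c)) = \sigma_0(s') = M_{s'} \quad \text{and}$$

$$T'(\sigma_0(s), t, c) = T'(M_s, t, c) = M_s c^t.$$

As above, $M_s c^t(\varphi) = \varphi_S(T(s, t, c)) = \varphi_S(s') = M_{s'}(\varphi)$ for all $\varphi \in P$. As
required, $\sigma_0(T(s, t, c)) = T'(\sigma_0(s), t, c)$.

Next, we see that $\sigma_0(s_0) = M_{s_0} = M_{in}$. Finally, we verify that if $c \parallel_s c'$ in $\mathcal{A}$,
then also $c \parallel'_{M_s} c'$ in $na(an(\mathcal{A}))$. The relation $c \parallel_s c'$ implies that $T(s, t, c + c'_u)$
is defined for all $t, u \ge 0$. Then for each place $\varphi$ of $\mathcal{A}$, as above we have

$$\begin{aligned}
M_s(c + c'_u)_t(\varphi) &= \varphi_S(T(s, t, c + c'_u)) \\
&\ge \langle F_1(\varphi), w(c + c'_u)(t + \Delta t) - w(c + c'_u)(t)\rangle
\end{aligned}$$

for some $\Delta t > 0$. Thus $M_s(c + c'_u)$ and, by symmetry, $M_s(c_u + c')$ exist, and
$c \parallel'_{M_s} c'$. □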

Let $\mathcal{N} = (P, E, F, M_{in})$ be a CPN and let $na(\mathcal{N}) = (\mathcal{M}, E, T, M_{in}, \parallel)$ be the
corresponding CAC. Then consider $an(na(\mathcal{N})) = (P', E, F', M'_{in})$, the associated
CPN. We recall that

- $P' = \{\varphi' : \varphi' = (\varphi'_{\mathcal{M}}, \varphi'_E) \text{ is a place of } na(\mathcal{N})\}$;

- $F'(\varphi') = ((\varphi'_E)_1, (\varphi'_E)_2)$;

- $M'_{in}(\varphi') = \varphi'_{\mathcal{M}}(M_{in})$ for each $\varphi' \in P'$.

We now construct a morphism $(\pi_0, id_E)$ from $an(na(\mathcal{N}))$ to $\mathcal{N}$, defining
$\pi_0(p) = |p|$, the extent of $p$. By Lemma 4.7, $\pi_0 : P \to P'$ is well-defined.

Lemma 5.2. The pair $(\pi_0, id_E)$ is a CPN-morphism from $an(na(\mathcal{N}))$ to $\mathcal{N}$.

Proof. Given any $p \in P$, we have $F(p) = |p|_E = F'(|p|) = F'(\pi_0(p))$. Next, we
verify that $M_{in} = M'_{in} \circ \pi_0$: for each $p \in P$, we have $M'_{in}(\pi_0(p)) = M'_{in}(|p|) =
|p|_{\mathcal{M}}(M_{in}) = M_{in}(p)$. □



Theorem 5.3. The functors $an : \mathrm{CAC} \to \mathrm{CPN}$ and $na : \mathrm{CPN} \to \mathrm{CAC}$ form
an adjunction with an the left adjoint of na; the components of the units and
co-units of this adjunction are the morphisms given in Lemma 5.1 and Lemma
5.2.

Proof. Let $\mathcal{A} = (S, E, T, s_0, \parallel)$ be a CAC and let $an(\mathcal{A}) = (P, E, F, M_{in})$ be
the associated CPN. Let $\mathcal{N} = (P', E', F', M'_{in})$ be a CPN and let $na(\mathcal{N}) =
(\mathcal{M}', E', T', M'_{in}, \parallel')$ be the corresponding CAC.

First, given a CPN-morphism $an(\mathcal{A}) \xrightarrow{(\pi, \eta)} \mathcal{N}$ described by functions $\pi : P' \to
P$ and $\eta : E \to E'$, we define a function $\sigma : S \to \mathcal{M}'$ by putting $\sigma(s) = M_s \circ \pi$.
We assert that $\vartheta(\pi, \eta) = (\sigma, \eta)$ is a composition of CAC-morphisms

$$\mathcal{A} \xrightarrow{(\sigma_0, id_E)} na(an(\mathcal{A})) \xrightarrow{na(\pi, \eta)} na(\mathcal{N}),$$

where $\sigma_0(s) = M_s$ is the function considered in Lemma 5.1. Indeed, we have
$na(\pi, \eta) = (\sigma', \eta)$ with $\sigma'(M) = M \circ \pi$, and $\sigma'(\sigma_0(s)) = \sigma_0(s) \circ \pi = M_s \circ \pi = \sigma(s)$
for all $s \in S$.

Secondly, suppose that $\sigma : S \to \mathcal{M}'$ and $\eta : E \to E'$ are given functions
such that $\mathcal{A} \xrightarrow{(\sigma, \eta)} na(\mathcal{N})$ is a CAC-morphism. We define a function $\pi : P' \to P$
by setting $\pi(p') = (\pi(p')_S, \pi(p')_E)$, where $\pi(p')_S(s) = \sigma(s)(p')$ and $(\pi(p')_E)_i =
F'_i(p') \circ \eta$. We will show that $\varphi(\sigma, \eta) := (\pi, \eta)$ is a composition of CPN-morphisms

$$an(\mathcal{A}) \xrightarrow{an(\sigma, \eta)} an(na(\mathcal{N})) \xrightarrow{(\pi_0, id)} \mathcal{N},$$

where $\pi_0(p') = |p'|$ is the function considered in Lemma 5.2. We have $an(\sigma, \eta) =
(\pi', \eta)$, where $\pi'(\varphi')_S(s) = \varphi'_{\mathcal{M}'}(\sigma(s))$ and $\pi'(\varphi')_E = \varphi'_{E'} \circ \eta$. Then

$$\pi'(\pi_0(p'))_S(s) = \pi_0(p')_{\mathcal{M}'}(\sigma(s)) = \sigma(s)(p') = \pi(p')_S(s) \quad \text{and}$$

$$\pi'(\pi_0(p'))_E = \pi_0(p')_{E'} \circ \eta = |p'|_{E'} \circ \eta = F'(p') \circ \eta = \pi(p')_E,$$

as required.

Finally, we prove that $\vartheta$ and $\varphi$ are mutual inverses and establish a bijective
correspondence between CPN-morphisms $an(\mathcal{A}) \to \mathcal{N}$ and CAC-morphisms
$\mathcal{A} \to na(\mathcal{N})$.

First let $(\sigma, \eta) : \mathcal{A} \to na(\mathcal{N})$ be a morphism. We demonstrate that $\vartheta(\varphi(\sigma, \eta))
= (\sigma, \eta)$. Put $\varphi(\sigma, \eta) = (\pi, \eta)$ and $\vartheta(\pi, \eta) = (\sigma', \eta)$. For all $s \in S$ and $p' \in P'$,
we have $\sigma'(s)(p') = M_s(\pi(p')) = \pi(p')_S(s) = \sigma(s)(p')$, so that $\sigma' = \sigma$.

Finally, let $(\pi, \eta) : an(\mathcal{A}) \to \mathcal{N}$ be a morphism. We show that $\varphi(\vartheta(\pi, \eta)) =
(\pi, \eta)$. Put $\vartheta(\pi, \eta) = (\sigma, \eta)$, where $\sigma(s)(p') = M_s \circ \pi(p') = \pi(p')_S(s)$. Now for
$\varphi(\vartheta(\pi, \eta)) = (\pi', \eta)$, we have $\pi'(p')_S(s) = \sigma(s)(p') = \pi(p')_S(s)$ for all $p' \in P'$
and $s \in S$; also, $\pi'(p')_E = F'(p') \circ \eta = F(\pi(p')) = (\pi(p'))_E$. This proves that
$\pi = \pi'$. □

6 A Coreflection 

In this section, we demonstrate the existence of a coreflection between CPN and
a certain subcategory of CAC. We will also obtain which continuous automata
$\mathcal{A}$ (with only reachable states) are of the form $\mathcal{A} = na(\mathcal{N})$ for some continuous
Petri net $\mathcal{N}$. Suppose that $\mathcal{A} = (S, E, T, s_0, \parallel) \in \mathrm{CAC}$, $s \in S$, $\Delta t > 0$, $t \ge 0$,
$c \in C(E)$ and $\varphi$ is a place of $\mathcal{A}$. Then we define the quantities

$$N(\varphi, s, t, c) = \varphi_S(s) - \langle (\varphi_E)_1, w(c)(t)\rangle + \langle (\varphi_E)_2, w(c)(t)\rangle,$$

$$K(\varphi, t, \Delta t, c) = \langle (\varphi_E)_1, w(c)(t + \Delta t) - w(c)(t)\rangle.$$



Definition 6.1. We will call a continuous automaton with concurrency $\mathcal{A} =
(S, E, T, s_0, \parallel)$ rich, if the following conditions are satisfied:

1. the places separate the states of $\mathcal{A}$, i.e., whenever $u, v \in S$ are states such
that $\varphi_S(u) = \varphi_S(v)$ for all places $\varphi$ of $\mathcal{A}$, then $u = v$;

2. whenever $c \in C(E)$, $t \ge 0$, and $s \in S$ such that for all places $\varphi$ of $\mathcal{A}$, and for
each $u \le t$, there is some $\Delta u > 0$ with

$$K(\varphi, u, \Delta u, c) \le N(\varphi, s, u, c),$$

then for all $u \le t$, $s_u = T(s, u, c)$ is defined;

3. whenever $c, c' \in C(E)$, $v \ge 0$, and $s \in S$ such that for all places $\varphi$, and for
each $u \ge 0$, there is some $\Delta u > 0$ such that

$$K(\varphi, u, \Delta u, c + c'_v) \le N(\varphi, s, u, c + c'_v)$$

$$K(\varphi, u, \Delta u, c_v + c') \le N(\varphi, s, u, c_v + c')$$

then $c \parallel_s c'$.

Requirements (1)-(3) ensure that the structure of the given automaton $\mathcal{A}$ is
directly correlated with properties of the places of $\mathcal{A}$. We see now that these
conditions are satisfied by all CAC's arising from nets via the functor na.

Proposition 6.2. Let $\mathcal{N}$ be a CPN. Then $\mathcal{A} = na(\mathcal{N})$ is rich.

Proof. First, suppose that $M$ and $M'$ are states of $\mathcal{A}$, i.e. markings of $\mathcal{N}$, with $M \neq M'$. Then there is some $p \in P$ with $M(p) \neq M'(p)$. Now $|p|$ is, by Lemma 4.7, a place of $na(\mathcal{N})$ such that $|p|(M) \neq |p|(M')$. This establishes 6.1(1) for $\mathcal{A} = na(\mathcal{N})$.

To check 6.1(2) for $\mathcal{A}$, let $c \in C(E)$, $t > 0$, $M$ a marking such that for all places $\varphi$ and for all $u < t$, there is some $\Delta u > 0$ such that

$$K(\varphi, u, \Delta u, c) < N(\varphi, M, u, c),$$

then putting $\varphi = |p|$ yields

$$\langle F_1(p), w(c)(u + \Delta u) - w(c)(u) \rangle < M_u(p),$$

so that $M_u = T(M, u, c)$ for all $u < t$, as required.

Next, we check condition 6.1(3) for $\mathcal{A}$. Let $M$ be a marking of $\mathcal{N}$ and let $c, c' \in C(E)$ be such that for all places $\varphi$ and $u, v > 0$, there exists some $\Delta u > 0$ such that

$$K(\varphi, u, \Delta u, c + c'_v) < N(\varphi, M, u, c + c'_v)$$

$$K(\varphi, u, \Delta u, c_v + c') < N(\varphi, M, u, c_v + c').$$

Then taking $\varphi = |p|$ yields

$$\langle F_1(p), w(c + c'_v)(u + \Delta u) - w(c + c'_v)(u) \rangle < M(c + c'_v)_u(p)$$

$$\langle F_1(p), w(c_v + c')(u + \Delta u) - w(c_v + c')(u) \rangle < M(c_v + c')_u(p).$$

The existence of $M(c + c'_v)$ and $M(c_v + c')$ follows, and $c \,\|_M\, c'$, as desired. □

Next, we wish to show that for such rich continuous automata with concurrency, the morphism of Lemma 5.1 turns out to be an embedding. These are defined as follows.

Definition 6.3. Let $\mathcal{A} = (S, E, T, s_0, \|)$ and $\mathcal{A}' = (S', E', T', s'_0, \|')$ be two CAC's. A pair $(\sigma, \eta)$ of functions $\sigma : S \to S'$, $\eta : E \to E'$ is called an embedding of $\mathcal{A}$ into $\mathcal{A}'$, if the following conditions are satisfied:

1. $\sigma$ and $\eta$ are one-to-one, and $\sigma(s_0) = s'_0$;

2. $T(s, t, c)$ is defined if and only if $T'(\sigma(s), t, \overline{\eta} \circ c)$ is defined, and in this case $\sigma(T(s, t, c)) = T'(\sigma(s), t, \overline{\eta} \circ c)$, for any $s \in S$, $t > 0$ and $c \in C(E)$;

3. $c \,\|_s\, c'$ in $\mathcal{A}$ if and only if $\overline{\eta} \circ c \,\|'_{\sigma(s)}\, \overline{\eta} \circ c'$ in $\mathcal{A}'$, for any $s \in S$ and $c, c' \in C(E)$.

Furthermore, $\mathcal{A}$ is a subautomaton of $\mathcal{A}'$, if $S \subseteq S'$, $E \subseteq E'$ and the pair $(id_S, id_E)$ of identity mappings $id_S : S \to S'$, $id_E : E \to E'$ is an embedding of $\mathcal{A}$ into $\mathcal{A}'$.

Again, this is the usual concept of embeddings from universal algebra considerations. Trivially, any embedding is a morphism. Now we show:

Theorem 6.4. Let $\mathcal{A}$ be a rich CAC. Then the morphism $(\sigma_0, id_E) : \mathcal{A} \to na(an(\mathcal{A}))$ is an embedding.
Proof. Let $\mathcal{A} = (S, E, T, s_0, \|)$. We form $an(\mathcal{A}) = (P, E, F, M_{in})$ according to Construction i!3 and $\mathcal{A}' = na(an(\mathcal{A})) = (\mathcal{M}, E, T', M_{s_0}, \|')$ as before. Recall that $(\sigma_0, id_E) : \mathcal{A} \to \mathcal{A}'$ with $\sigma_0(s) = M_s$ $(s \in S)$ is a morphism by Lemma l^m This already implies $\sigma_0(s_0) = M_{s_0}$ and one implication of conditions 6.3(2) and 6.3(3).

First suppose that $s, s' \in S$ with $M_s = M_{s'}$. Then for any place $\varphi$ of $\mathcal{A}$, we have $\varphi(s) = M_s(\varphi) = M_{s'}(\varphi) = \varphi(s')$. By condition 6.1(1), $s = s'$, so that $\sigma_0$ is one-to-one.

Now let $s \in S$, $t > 0$ and $c \in C(E)$, and assume that $T'(\sigma_0(s), t, c) =: M'$ is defined, i.e., $M_s \longrightarrow M'$ in $na(an(\mathcal{A}))$. Then, for each place $\varphi$ of $\mathcal{A}$ and all $u < t$, there exists some $\Delta u > 0$ such that

$$K(\varphi, u, \Delta u, c) = \langle F_1(\varphi), w(c)(u + \Delta u) - w(c)(u) \rangle < (M_s)_u(\varphi) = N(\varphi, M_s, u, c).$$

Invoking 6.1(2), we find that there exist states $s_u = T(s, u, c)$ for all $u < t$. Since $(\sigma_0, id_E)$ is a morphism, we obtain $\sigma_0(T(s, t, c)) = M'$, proving condition 6.3(2).

Finally, suppose that $c, c' \in C(E)$ and $s \in S$, with $c \,\|'_{M_s}\, c'$ in $\mathcal{A}'$. It remains only to show that $c \,\|_s\, c'$ in $\mathcal{A}$. For all $u, t \ge 0$ and each place $\varphi$ of $\mathcal{A}$, there is some $\Delta t > 0$ such that

$$\langle F_1(\varphi), w(c + c'_u)(t + \Delta t) - w(c + c'_u)(t) \rangle < (M_s)_t(\varphi)$$

$$\langle F_1(\varphi), w(c_u + c')(t + \Delta t) - w(c_u + c')(t) \rangle < (M_s)_t(\varphi)$$

We re-write these inequalities as

$$K(\varphi, t, \Delta t, c + c'_u) < N(\varphi, M_s, t, c + c'_u)$$

$$K(\varphi, t, \Delta t, c_u + c') < N(\varphi, M_s, t, c_u + c')$$

and invoke 6.1(3) to conclude that $c \,\|_s\, c'$ as required. □

We also have 

Lemma 6.5. Let $\mathcal{A}'$ be a rich CAC and $\mathcal{A}$ a subautomaton of $\mathcal{A}'$. Then $\mathcal{A}$ is also rich.

Proof. Let $\mathcal{A} = (S, E, T, s_0, \|)$ and $\mathcal{A}' = (S', E', T', s'_0, \|')$. If $t > 0$ and $c \in C(E)$, then $\overline{id_E} \circ c =: c' \in C(E')$ satisfies $\langle c'(t), e \rangle = \langle c(t), e \rangle$ if $e \in E$, and $\langle c'(t), e' \rangle = 0$ if $e' \in E' \setminus E$; similarly for $w(c')(t)$, $w(c)(t)$. Also, if $T(s, t, c)$ exists in $\mathcal{A}$, then $T'(s, t, c') = T(s, t, c)$. Using this, it is easy to see that if $\varphi'$ is a place of $\mathcal{A}'$, then the restriction of $\varphi'$ to $S$ and $E$ is a place of $\mathcal{A}$.

To check condition 6.1(1), let $u, v \in S$ such that $\varphi_S(u) = \varphi_S(v)$ for all places $\varphi$ of $\mathcal{A}$. Then also $\varphi'_{S'}(u) = \varphi'_{S'}(v)$ for all places $\varphi'$ of $\mathcal{A}'$ and hence $u = v$ since $\mathcal{A}'$ is rich. Similarly, conditions 6.1(2) and 6.1(3) follow, using also that the transitions and concurrency relations of $\mathcal{A}$ are restrictions of the ones of $\mathcal{A}'$. □
As a consequence, we have:

Corollary 6.6. Let $\mathcal{A}$ be a CAC. Then $\mathcal{A}$ is rich if and only if $\mathcal{A}$ is isomorphic to a subautomaton of $na(\mathcal{N})$, for some CPN $\mathcal{N}$.

Proof. Immediate by Theorem El Proposition El and Lemma El □ 

Let $\mathcal{A} = (S, E, T, s_0, \|)$ be a CAC. A state $s \in S$ is called reachable, if $s = T(s_0, t, c)$ for some $t > 0$ and some control path $c$ (note that in view of condition 102m there is no need to introduce the customary sequence of transitions leading from $s_0$ to $s$). Next we define

$$\mathcal{R}(\mathcal{A}) = (S', E, T', s_0, \|'), \text{ where}$$

$$S' = \{ s \in S ;\ s \text{ is reachable} \},$$

$$T' = T \cap (S' \times \mathbb{R}_+ \times C(E) \times S'),$$

$$\|' = (\|_s)_{s \in S'}.$$

It is easy to recognise that $\mathcal{R}(\mathcal{A})$ is a CAC each state of which is reachable and that $\mathcal{R}(\mathcal{A})$ is a subautomaton of $\mathcal{A}$. Now, if $(\sigma, \eta) : \mathcal{A} \to \mathcal{A}'$ is a CAC-morphism, let $\mathcal{R}(\sigma, \eta) = (\sigma', \eta)$, where $\sigma'$ is the restriction of $\sigma$ to the states of $\mathcal{R}(\mathcal{A})$.

Lemma 6.7. Let $\mathcal{A}, \mathcal{A}'$ be two CAC's and let $(\sigma, \eta) : \mathcal{A} \to \mathcal{A}'$ be an embedding with $\eta$ onto. Then $\mathcal{R}(\sigma, \eta) : \mathcal{R}(\mathcal{A}) \to \mathcal{R}(\mathcal{A}')$ is an isomorphism.

Proof. Let $\mathcal{A} = (S, E, T, s_0, \|)$ and $\mathcal{A}' = (S', E', T', s'_0, \|')$. Clearly, $\mathcal{R}(\sigma, \eta)$ is an embedding. We only have to show that $\sigma$ maps the reachable states of $\mathcal{A}$ onto the reachable states of $\mathcal{A}'$. Let $s' = T'(s'_0, t, c')$ for some $t > 0$ and some control path $c' \in C(E')$ of $\mathcal{A}'$. Since $\eta$ is bijective, so is $\overline{\eta}$, and $c = \overline{\eta}^{-1} \circ c'$ is a control path of $\mathcal{A}$ with $c' = \overline{\eta} \circ c$. Hence $s = T(s_0, t, c)$ exists in $\mathcal{A}$ and $\sigma(s) = s'$. □

Corollary 6.8. Let $\mathcal{A}$ be a CAC. Then $\mathcal{A}$ is isomorphic to an automaton of the form $\mathcal{R}(na(\mathcal{N}))$ for some CPN $\mathcal{N}$ if and only if $\mathcal{A}$ is rich and each state of $\mathcal{A}$ is reachable.

In this case, $(\sigma_0, id_E) : \mathcal{A} \to \mathcal{R}(na(an(\mathcal{A})))$ is an isomorphism.

Proof. By Corollary 6.6, each automaton of the form $\mathcal{R}(na(\mathcal{N}))$ is rich, and trivially each state is reachable. For the converse, by Theorem 6.4, $(\sigma_0, id_E)$ embeds $\mathcal{A}$ into $na(an(\mathcal{A}))$. Now apply Lemma 6.7. □

Let CAC ^ be the full subcategory of CAC consisting only of rich CAC's in which each state is reachable. Clearly, $\mathcal{R}$ : CAC $\to$ CAC ^ as defined above is a functor. Then the composition na^ := $\mathcal{R} \circ na$ : CPN $\to$ CAC ^ is also a functor. Let an^ : CAC ^ $\to$ CPN just be the restriction of the functor $an$ to CAC ^. Now we obtain our desired coreflection result:

Theorem 6.9. The functors an^ : CAC ^ $\to$ CPN and na^ : CPN $\to$ CAC ^ form a coreflection with an^ the left adjoint of na^; the components of the unit of this adjunction are the (iso-)morphisms $(\sigma_0, id_E)$ given in Lemma\^\

Proof. By Theorem ESI it only remains to show that $(\sigma_0, id_E) : \mathcal{A} \to$ na^ $\circ$ an^$(\mathcal{A})$ is an isomorphism for each $\mathcal{A} \in$ CAC ^. But this is immediate by Corollary 6.8. □

For later use in section 8, we also include the following remark.

Lemma 6.10. Let $\mathcal{A}, \mathcal{A}' \in$ CAC such that each state in $\mathcal{A}$ is reachable. Let $(\sigma, \eta), (\sigma', \eta') : \mathcal{A} \to \mathcal{A}'$ be two morphisms. If $\eta = \eta'$, then $\sigma = \sigma'$.

Proof. Let $\mathcal{A} = (S, E, T, s_0, \|)$ and $\mathcal{A}' = (S', E', T', s'_0, \|')$. Choose any $s \in S$. Then $s = T(s_0, t, c)$ for some $t > 0$ and some control path $c \in C(E)$. Hence $\sigma(s) = T'(s'_0, t, \overline{\eta} \circ c) = T'(s'_0, t, \overline{\eta'} \circ c) = \sigma'(s)$. □



7 Products and Coproducts 

In this section, we wish to consider the product and coproduct construction for the categories of continuous Petri nets and continuous automata with concurrency.

First, since these constructions naturally involve the direct product of event sets, the canonical projections forming the event mappings of the morphisms have to be countable-to-one. Therefore we require subsequently all event sets to be countable. From the point of view of applications (with events representing executions of controls), this is no essential restriction. Therefore, let CPN n, CAC n, CAC ^ denote the full subcategories of CPN, CAC and CAC ^, respectively, whose objects have only countable event sets.

Since for our Petri nets continuity is important for the definition of the dynamic behaviour, but not for the net structure and the morphisms, here we can use the same product and coproduct construction as in the discrete case, as developed in nm. For the convenience of the reader, we sketch these constructions here, since they will be used for the category CAC ^.

Definition 7.1. Let $\mathcal{N}_i = (P_i, E_i, F^i, M^i_{in})$ $(i = 1, 2)$ be two disjoint Petri nets in CPN n. We define the Petri net $\mathcal{N} = (P, E, F, M_{in})$ as follows.

1. $P = P_1 \cup P_2$ and $E = E_1 \times E_2$

2. For $p \in P_i$ $(i = 1, 2)$, $(e_1, e_2) \in E$ and $j = 1, 2$, let $F_j(p, (e_1, e_2)) = F^i_j(p, e_i)$

3. $M_{in}(p) = M^i_{in}(p)$ if $p \in P_i$ $(i = 1, 2)$.

Define morphisms $\pi_i = (id_{P_i}, \pi_{E_i}) : \mathcal{N} \to \mathcal{N}_i$, where $id_{P_i} : P_i \to P$ is the identity mapping and $\pi_{E_i} : E \to E_i$, $\pi_{E_i}(e_1, e_2) = e_i$, is the projection mapping onto $E_i$ $(i = 1, 2)$.

Lemma 7.2. With the above notation, the product of $\mathcal{N}_1$ and $\mathcal{N}_2$ in the category CPN q is the net $\mathcal{N}$ equipped with the projections $\pi_1, \pi_2$.

Proof. We first have to show that $\mathcal{N}$ actually belongs to CPN_q. Indeed, $E$ is countable and for any $p \in P_i$ and $i, j \in \{1, 2\}$ we have $\|F_j(p)\|_\infty = \|F^i_j(p)\|_\infty$. Hence $\mathcal{N} \in$ CPN q. Since all event sets are countable, $\pi_i : \mathcal{N} \to \mathcal{N}_i$ is a morphism $(i = 1, 2)$. The fact that $\mathcal{N}$ is the categorial product of $\mathcal{N}_1$ and $\mathcal{N}_2$ can be shown easily as in ma, Lemma 4.2. □
Next we turn to the coproduct. As in m, in general the coproduct of two nets $\mathcal{N}_1, \mathcal{N}_2$ does not exist. For example, assume that the initial markings of $\mathcal{N}_1$ and $\mathcal{N}_2$ have different values, i.e. $M^1_{in}(p_1) \neq M^2_{in}(p_2)$ for all places $p_1 \in P_1$, $p_2 \in P_2$. Then there is no Petri net $\mathcal{N}$ with morphisms $(\pi_i, \eta_i) : \mathcal{N}_i \to \mathcal{N}$ $(i = 1, 2)$: choose any $p \in P$, then $M^1_{in}(\pi_1(p)) = M_{in}(p) = M^2_{in}(\pi_2(p))$, a contradiction. This leads to the following concept of conditional coproducts.

Definition 7.3. Let $\mathbf{C}$ be a category. We say that $\mathbf{C}$ has conditional coproducts, if for any two objects $A, B$ of $\mathbf{C}$ the following holds: If there is an object $C \in \mathbf{C}$ with morphisms $\varphi : A \to C$ and $\psi : B \to C$, then there is a coproduct of $A$ and $B$ in $\mathbf{C}$.

We just remark that this notion is similar to the concept of bounded completeness (consistent completeness) in the theory of Scott-domains: a partially ordered set is bounded complete, if any subset which has an upper bound has a supremum (= least upper bound). Now we will show that CPN q has conditional coproducts. The construction of the coproduct itself is almost dual to the one of products: for the event sets we take the disjoint union, but for the state sets only a subset of the direct product.

Definition 7.4. Let $\mathcal{N}_i = (P_i, E_i, F^i, M^i_{in})$ be two Petri nets in CPN q, and assume there is a Petri net $\mathcal{N}^* = (P^*, E^*, F^*, M^*_{in})$ with morphisms $\varrho_i = (\pi_i, \eta_i) : \mathcal{N}_i \to \mathcal{N}^*$ $(i = 1, 2)$. We define $\mathcal{N} = (P, E, F, M_{in})$ as follows:

1. $P = \{ (p_1, p_2) \in P_1 \times P_2 : M^1_{in}(p_1) = M^2_{in}(p_2) \}$,

2. $E = E_1 \cup E_2$ (disjoint union),

3. $F_j((p_1, p_2), e_i) = F^i_j(p_i, e_i)$ for $i, j \in \{1, 2\}$,

4. $M_{in}(p_1, p_2) = M^1_{in}(p_1) = M^2_{in}(p_2)$.

Furthermore, let $in_i = (\pi_{P_i}, id_{E_i}) : \mathcal{N}_i \to \mathcal{N}$ where $\pi_{P_i} : P \to P_i$ is the projection and $id_{E_i} : E_i \to E$ is the identity mapping.

Proposition 7.5. Under the above assumptions, $\mathcal{N}$ together with the inclusion morphisms $in_1, in_2$ is the coproduct of $\mathcal{N}_1$ and $\mathcal{N}_2$.

Proof. We first show that $P$ is non-empty. By assumption, choose any $p^* \in P^*$. Then $M^1_{in}(\pi_1(p^*)) = M^*_{in}(p^*) = M^2_{in}(\pi_2(p^*))$, so $(\pi_1(p^*), \pi_2(p^*)) \in P$. Clearly, $\|F_j(p_1, p_2)\|_\infty = \max_{i = 1, 2} \|F^i_j(p_i)\|_\infty$ for any $(p_1, p_2) \in P$ and $j = 1, 2$. Hence $\mathcal{N} \in$ CPN q. Also, $in_i$ is a morphism, and the categorial coproduct properties of $\mathcal{N}$ follow easily as in HD] □
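
The constructions of Definitions 7.1 and 7.4 can be carried out mechanically on small finite nets; the following Python code is an added illustration, not part of the original text. The dict-based `Net` class, the tagging of events by net index for the disjoint union, the sample nets, and the `is_morphism` check (read off from the conditions $M_{in}(\pi(p')) = M'_{in}(p')$ and $F(\pi(p')) = F'(p') \circ \overline{\eta}$ used in the proofs above, restricted to single events) are assumptions of this sketch.

```python
from dataclasses import dataclass
from itertools import product as pairs


@dataclass(frozen=True)
class Net:
    """A finite net (P, E, F, M_in) with F = (F_1, F_2)."""
    places: frozenset
    events: frozenset
    f: tuple      # (F_1, F_2), each a dict {(place, event): weight}
    m_in: dict    # {place: initial marking}


def product_net(n1, n2):
    """Definition 7.1: P = P1 u P2, E = E1 x E2, F_j(p,(e1,e2)) = F^i_j(p,e_i)."""
    assert not (n1.places & n2.places), "the definition assumes disjoint nets"
    events = frozenset(pairs(n1.events, n2.events))
    f = tuple(
        {(p, e): n.f[j][(p, e[i])]
         for i, n in enumerate((n1, n2)) for p in n.places for e in events}
        for j in (0, 1)
    )
    return Net(n1.places | n2.places, events, f, {**n1.m_in, **n2.m_in})


def coproduct_net(n1, n2):
    """Definition 7.4. Returns None when P is empty: by the proof of
    Proposition 7.5 a common target net forces P to be non-empty, so an
    empty P means the hypothesis of the definition fails."""
    places = frozenset((p1, p2) for p1, p2 in pairs(n1.places, n2.places)
                       if n1.m_in[p1] == n2.m_in[p2])
    if not places:
        return None
    # Disjoint union of the event sets: tag each event with its net index.
    events = frozenset((i, e) for i, n in enumerate((n1, n2)) for e in n.events)
    f = tuple(
        {(p, (i, e)): (n1, n2)[i].f[j][(p[i], e)]
         for p in places for (i, e) in events}
        for j in (0, 1)
    )
    return Net(places, events, f, {p: n1.m_in[p[0]] for p in places})


def is_morphism(src, dst, place_map, event_map):
    """(pi, eta): src -> dst with pi: dst.places -> src.places and
    eta: src.events -> dst.events (assumed form of a CPN-morphism)."""
    return all(
        src.m_in[place_map[q]] == dst.m_in[q]
        and all(src.f[j][(place_map[q], e)] == dst.f[j][(q, event_map[e])]
                for j in (0, 1) for e in src.events)
        for q in dst.places
    )


def sample_nets():
    """Constructed sample nets (not taken from the text)."""
    n1 = Net(frozenset({"p"}), frozenset({"a"}),
             ({("p", "a"): 1}, {("p", "a"): 0}), {"p": 2})
    n2 = Net(frozenset({"q", "r"}), frozenset({"b", "c"}),
             ({("q", "b"): 2, ("q", "c"): 0, ("r", "b"): 0, ("r", "c"): 1},
              {("q", "b"): 0, ("q", "c"): 3, ("r", "b"): 1, ("r", "c"): 0}),
             {"q": 2, "r": 5})
    # n3 shares no initial marking value with n1: no coproduct exists.
    n3 = Net(frozenset({"s"}), frozenset({"d"}),
             ({("s", "d"): 1}, {("s", "d"): 1}), {"s": 7})
    return n1, n2, n3
```

On the sample nets, the projections of the product and the inclusions into the coproduct pass `is_morphism`, while `coproduct_net(n1, n3)` returns `None`, matching the counterexample given before Definition 7.3.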

Now we turn to the product and coproduct construction for the categories CAC q and CAC ^, where the situation is more complicated. First we consider the product. If $E_1, E_2$ are sets, we let $\pi_{E_i} : E_1 \times E_2 \to E_i$ denote the canonical projection $(i = 1, 2)$. Recall then the linear transformation tT^ : £(Pi x P 2 ) — >■

Definition 7.6. Let $\mathcal{A}_i = (S_i, E_i, T_i, s^i_0, \|^i) \in$ CAC n $(i = 1, 2)$. We define $\mathcal{A} = (S, E, T, s_0, \|)$ as follows:

1. $S = S_1 \times S_2$, $E = E_1 \times E_2$ and $s_0 = (s^1_0, s^2_0)$.

2. $T((s_1, s_2), t, c) := (T_1(s_1, t, \overline{\pi_{E_1}} \circ c), T_2(s_2, t, \overline{\pi_{E_2}} \circ c))$, provided this pair exists, for any $(s_1, s_2) \in S$, $t \in \mathbb{R}_+$ and $c \in C(E)$,

3. $c \,\|_{(s_1, s_2)}\, c'$ iff $\overline{\pi_{E_i}} \circ c \,\|^i_{s_i}\, \overline{\pi_{E_i}} \circ c'$ in $\mathcal{A}_i$ for $i = 1, 2$, for any $(s_1, s_2) \in S$, and $c, c' \in C(E)$.

Furthermore, define $\pi_i = (\pi_{S_i}, \pi_{E_i}) : \mathcal{A} \to \mathcal{A}_i$ as componentwise projection, i.e. $\pi_{S_i}(s_1, s_2) = s_i$ and $\pi_{E_i}(e_1, e_2) = e_i$ $(i = 1, 2)$.



Lemma 7.7. With the above notation, the following hold:

(a) $\mathcal{A}$ together with the projections $\pi_1, \pi_2$ is the product of the automata $\mathcal{A}_1$ and $\mathcal{A}_2$ in the category CAC n.

(b) If $\mathcal{A}_1$ and $\mathcal{A}_2$ are rich, then $\mathcal{A}$ is rich.

(c) Let $\mathcal{A}_1, \mathcal{A}_2 \in$ CAC ^. Then the product of $\mathcal{A}_1$ and $\mathcal{A}_2$ in the category CAC ^ is $\mathcal{R}(\mathcal{A})$, together with the restrictions of the projections $\pi_1, \pi_2$.

Proof. (a) We first show that A G CAC n. To check condition 14.1 1 2('il. let 
c, c' G C{E),s = (si,S2) G S and t,t' G K+ such that s' = (s'i,S2) = T{s,t,c) 
and s" = (s",S2) = T{s',t',c') exist. Then s' = Ti{si,t,TTE~ o c) and s" = 
Ti{s'^,t' ,W e: o c') in Ai, so s" = T(s, t + t' ,WEj o A + We: o c() {i = 1, 2). Since 
WEjoc'+WEjoc'^ = WE~o{c' + c'^) by linearity of WeT, we get s" = T(s, t+t', c* + c() 
as required. Similarly, we obtain the rest of condition >4.11 2 and 14.11 3. It follows 
immediately from the definitions that ni : A ^ Ai are morphisms (i = 1,2). 

To check the universal product properties, let A! = {S' , E' , T' , Sg, ||') G CAC n 
and {ai,r]i) '. A' ^ Ai (i = 1,2) be two morphisms. We claim that the usual 
pairing (cri X(T2, r]ixr]2) : A' ^ A is a, morphism. Indeed, since 71^^0(771 x 772) = Pi, 
by the remarks in section 2 we have 



EEi o 7?1 X 772 = -KEi o (771 X 772) = 77* , and so 



'EEi orji X rj 2 0 c = rjiO c 

for each path c G C{E') and i = 1,2. Now if s' £ S', t £ K+ and c G C{E') 
such that s" = T'{s',t,c) is defined, then cji{s") = Ti{ai{s'),t,f]j o c) in .4^ ( i = 
1,2), and so (Ti x <J2{s") = {ai{s"),a2{s")) = T{ai x a2{s"),t,r]i x 772 o c) in A 
as required. Similarly, c ||),, c' in A' implies pj o c ||^.(,,/) Vio C in Ai {i = 1, 2), 
showing 771 X 772 o c ||c,ixcr2(s') t?i x 772 o c' in A. This proves our claim. The rest 
is straightforward. 

(b) First we show for any fixed i G {1, 2} that if :pi = {(psi , PEi) is a place of Ai, 
then p = {ps,pe) defined by ps = pSiOESi,PE = {{pe^ioee^, {pEj20EEi) is a 
place of A. Indeed, suppose that (s, t,p) £ Sx R+ xC{E) and (s'l, S2) = c)

exists in A, where s = (si, S2). Then s' = Ti(si, t, o c) in Ai and so 

<Ps(si, 4 ) = 

= 'fSi^Si) - {{LpEi)l,w{WEl O c){t)) + {{LpEi)2,w{TfEl O c){t)) 

= Vs{s) - {{ipE)l,w{c){t)) + {{ipE)2,w{c){t)) 

using Proposition rz. II and formula ( 0 . This proves condition imn. and prar in 
follows similarly. 

Now we show that A is rich. To check condition lOl. let s = (si, S2)j s' = 
(s'i,s'2) G S such that ip{s) = <p{s') for each place p of A. By the above, we 
obtain (pi{si) = Pi{s'j) for each place ipi of Ai and, since Ai is rich, thus Si = s'^ 
{i = 1,2). Hence s = s' . Similarly, we can check conditions li.1L 2 and ii 1 1 .8 

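(c) Let $\mathcal{A}' = (S', E', T', s'_0, \|') \in$ CAC ^ and let $(\sigma_i, \eta_i) : \mathcal{A}' \to \mathcal{A}_i$ be morphisms $(i = 1, 2)$. By (b), $\mathcal{A}$ is rich. Since $\mathcal{R}(\mathcal{A})$ is a subautomaton of $\mathcal{A}$, Lemma 6.5 shows that $\mathcal{R}(\mathcal{A}) \in$ CAC ^. We define $(\sigma, \eta) : \mathcal{A}' \to \mathcal{A}$ by $\sigma = (\sigma_1, \sigma_2)$, i.e. $\sigma(s') = (\sigma_1(s'), \sigma_2(s'))$, and $\eta = (\eta_1, \eta_2)$ (correspondingly). As in (a), $(\sigma, \eta)$ is a morphism and $(\sigma_i, \eta_i) = \pi_i \circ (\sigma, \eta)$ $(i = 1, 2)$. It only remains to show that $(\sigma, \eta)$ is a morphism from $\mathcal{A}'$ actually to $\mathcal{R}(\mathcal{A})$, i.e. that each state of $\sigma(S')$ in $\mathcal{A}$ is reachable. Indeed, if $s' \in S'$, then $s' = T'(s'_0, t, c)$ in $\mathcal{A}'$ for some $t > 0$ and some control path $c \in C(E')$. Then $\sigma(s') = T(s_0, t, \overline{\eta} \circ c)$ is reachable in $\mathcal{A}$. □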



Next we turn to coproducts in CAC n. Here, the situation is easy:

Proposition 7.8. The category CAC n has coproducts.

Proof. Given $\mathcal{A}_1, \mathcal{A}_2$, define $\mathcal{A}$ as usual as the disjoint union of $\mathcal{A}_1$ and $\mathcal{A}_2$, identifying the initial states. Then together with natural inclusions, $\mathcal{A}$ is the coproduct of $\mathcal{A}_1$ and $\mathcal{A}_2$. □

By the coreflection of Theorem 6.9, the category CAC ^ is 'embedded' into CPN n. This will enable us to form a conditional coproduct for CAC's inside CPN q. In fact, the following argument is analogous to the proof of the corresponding result for discrete Petri nets and automata with concurrency, cf. m, Proposition 4.9.

Proposition 7.9. The category CAC n has conditional coproducts.

Proof. Let $\mathcal{A}_1, \mathcal{A}_2 \in$ CAC n, and assume there are morphisms from $\mathcal{A}_1, \mathcal{A}_2$ to some $\mathcal{A}^* \in$ CAC q. Then in CPN q there are morphisms from $\mathcal{N}_1 = an(\mathcal{A}_1)$ and $\mathcal{N}_2 = an(\mathcal{A}_2)$ to $an(\mathcal{A}^*)$. By Proposition 7.5 we form the coproduct $\mathcal{N}$ with inclusions $in_i : \mathcal{N}_i \to \mathcal{N}$ $(i = 1, 2)$ of $\mathcal{N}_1$ and $\mathcal{N}_2$. Choose the isomorphisms $\iota_i : \mathcal{A}_i \to$ na^ $\circ\, an(\mathcal{A}_i)$ given by Corollary 6.8. We claim that na^$(\mathcal{N})$, together with the morphisms $na(in_i) \circ \iota_i : \mathcal{A}_i \to$ na^$(\mathcal{N})$ $(i = 1, 2)$, is the coproduct of $\mathcal{A}_1$ and $\mathcal{A}_2$. Choose any $\mathcal{A}' \in$ CAC q and morphisms $\rho_i : \mathcal{A}_i \to \mathcal{A}'$. We have to show that there is a unique morphism $\sigma :$ na^$(\mathcal{N}) \to \mathcal{A}'$ such that $\sigma \circ na(in_i) \circ \iota_i = \rho_i$ for $i = 1, 2$.
Since $an(\rho_i) : \mathcal{N}_i \to an(\mathcal{A}')$ are morphisms and $\mathcal{N}$ is the coproduct of $\mathcal{N}_1$ and $\mathcal{N}_2$, there is a (unique) morphism $\rho : \mathcal{N} \to an(\mathcal{A}')$ such that $\rho \circ in_i = an(\rho_i)$ $(i = 1, 2)$. Then $na(\rho) :$ na^$(\mathcal{N}) \to$ na^ $\circ\, an(\mathcal{A}')$ and $na(\rho) \circ na(in_i) = na \circ an(\rho_i)$ $(i = 1, 2)$. Furthermore, choose the isomorphism $\iota : \mathcal{A}' \to$ na^ $\circ\, an(\mathcal{A}')$ given by Corollary 6.8, see Fig. 4.

Fig. 4. coproducts

Now suppose we can show that

$$(na \circ an(\rho_i)) \circ \iota_i = \iota \circ \rho_i \quad \text{for } i = 1, 2. \qquad (5)$$

Then the whole diagram of Fig. 4 commutes, so $\iota^{-1} \circ na(\rho) \circ na(in_i) \circ \iota_i = \iota^{-1} \circ (na \circ an(\rho_i)) \circ \iota_i = \rho_i$ for $i = 1, 2$, and we may put $\sigma = \iota^{-1} \circ na(\rho)$.

To show (5), observe that both $\iota_i$ and $\iota$ act like the identity on the event sets, hence the event mappings of the left hand side resp. the right hand side of (5) are equal. Since $\mathcal{A}_i$ has only reachable states, by Lemma 6.10 the two corresponding state mappings have to be equal, too. This proves (5).

To show that $\sigma$ is unique, let $\sigma' :$ na^$(\mathcal{N}) \to \mathcal{A}'$ satisfy $\sigma' \circ na(in_i) \circ \iota_i = \rho_i$ for $i = 1, 2$. The event mapping of $na(in_i) \circ \iota_i$ is the identity, so $\sigma'$ and $\rho_i$ have the same event mapping on the event set of $\mathcal{A}_i$, and the event mapping of $\rho_i$ equals the corresponding restriction of $\sigma = \iota^{-1} \circ na(\rho)$. Hence $\sigma'$ and $\sigma$ have the same event mapping and hence, again by Lemma 6.10, we obtain $\sigma' = \sigma$ as required. □

Fig. 5. Petri net $\mathcal{N}$

Now we can summarize our results: 

Theorem 7.10. The category CAC ^ has products and coproducts and the categories CPN and CAC n have products and conditional coproducts.

8 Conclusion 

We have presented a model of Petri nets in which places may carry continuous amounts of tokens and events can act by control paths continuously on them. The dynamic behaviour of these continuous Petri nets could be described by continuous transition systems with concurrency, and we obtained an adjunction between the associated categories using the concept of regions from 'discrete' Petri net theory. By a coreflection we characterized which continuous transition systems correspond to the dynamic behaviour of continuous Petri nets. We showed that suitable categories of continuous nets and continuous automata, respectively, have products and conditional coproducts.

These results were obtained, taking into account some observations on control paths, quite analogously to the corresponding results for discrete Petri nets and automata with concurrency relations, cf. um. The question arises about the relationship between these two types of similar results. In section 3, we related the discrete model to the present one by associating with each event $e$ a pure control path $c^e$ such that if $M \xrightarrow{e} M'$ in the discrete case, then $c^e$ transforms $M$ into $M'$ also in the continuous case in one unit of time. However, we note that the converse fails. Consider the Petri net $\mathcal{N}$ of Fig. 5.

We have $M_{in}(p) = 1$ and $F_1(p, e) = F_2(p, e) = 2$. Clearly, $M_{in} \longrightarrow M_{in}$ as is easy to check (for inequality (0 take any $\Delta t < 0.5$). But, in the discrete case, $e$ cannot fire at marking $M_{in}$. Hence the results on the discrete case of m mentioned above do not follow from the present ones. Further similar discrepancies between the discrete and the continuous model have been noted in Recalde, Teruel and Silva PI-

This is due to the fact that when determining the weight function, we chose the usual Lebesgue (or Riemann) integration. We could incorporate the discrete case into the present setting by integrating with respect to Dirac (point) measures. Then, indeed, we obtain $M \xrightarrow{e} M'$ in the discrete case if and only if $M \longrightarrow M'$ in this continuous fashion with respect to the Dirac measure after, say, one unit of time. A generalization containing both results would require a bit more measure theory and for the sake of clarity we preferred just to deal with the present case.

Also, the question arises whether we could not model a system with both continuous and discrete components. This can be done, of course, by approximating e.g. the discrete components continuously (or by measurable functions); but if we want to do this exactly, one could use Riemann integration as here and model the discrete part as in physics by Dirac functions, i.e. resort to the theory of distributions. One could probably develop similar results as here (we have not checked the details), but the present restricted approach is mathematically much simpler.

In any case, since the present approach using just measurable functions is very general, it could be interesting to try to specialize the duality CPN o CAC to more concrete versions of continuous Petri nets investigated in the literature. Possibly, then some of the consequences of this duality developed for the discrete case could also be utilized in the continuous setting.